ACK: [SRU Focal,Jammy,OEM-6.1,Lunar,Mantic 0/3] CVE-2023-6931
Tim Gardner
tim.gardner at canonical.com
Thu Jan 4 16:20:08 UTC 2024
- Previous message (by thread): ACK: [SRU Focal,Jammy,OEM-6.1,Lunar,Mantic 0/3] CVE-2023-6931
- Next message (by thread): APPLIED[M,L,J,F]: [SRU Focal,Jammy,OEM-6.1,Lunar,Mantic 0/3] CVE-2023-6931
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
On 1/3/24 12:04 PM, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> An out-of-bounds write is possible when using perf events. On systems where
> unprivileged users have access to perf (perf_event_paranoid <= 3 on 5.4 and
> later), this could allow privilege escalation.
>
> [Backport]
> On Jammy and Focal, an extra pre-requisite was added, introducing the
> ability to read lost samples per event. Though not strictly necessary,
> that's how upstream stable did it, so this would make future changes easier.
>
> [Test case]
> A reproducer was built and tested. The system no longer crashes after
> these changes.
>
> [Potential regression]
> perf users may regress or new vulnerabilities might be possible.
>
> Mark Rutland (1):
> perf: Fix perf_event_validate_size() lockdep splat
>
> Peter Zijlstra (1):
> perf: Fix perf_event_validate_size()
>
> kernel/events/core.c | 69 ++++++++++++++++++++++++++++++--------------
> 1 file changed, 47 insertions(+), 22 deletions(-)
>
Acked-by: Tim Gardner <tim.gardner at canonical.com>
--
-----------
Tim Gardner
Canonical, Inc
- Previous message (by thread): ACK: [SRU Focal,Jammy,OEM-6.1,Lunar,Mantic 0/3] CVE-2023-6931
- Next message (by thread): APPLIED[M,L,J,F]: [SRU Focal,Jammy,OEM-6.1,Lunar,Mantic 0/3] CVE-2023-6931
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the kernel-team
mailing list