CVE-2024-43869

CVE Details

Release Date:2024-08-21
Impact:Moderate What is this?

Description


In the Linux kernel, the following vulnerability has been resolved:\nperf: Fix event leak upon exec and file release\nThe perf pending task work is never waited upon the matching event\nrelease. In the case of a child event, released via free_event()\ndirectly, this can potentially result in a leaked event, such as in the\nfollowing scenario that doesn't even require a weak IRQ work\nimplementation to trigger:\nschedule()\nprepare_task_switch()\n=======> \nperf_event_overflow()\nevent->pending_sigtrap = ...\nirq_work_queue(&event->pending_irq)\n<======= \nperf_event_task_sched_out()\nevent_sched_out()\nevent->pending_sigtrap = 0;\natomic_long_inc_not_zero(&event->refcount)\ntask_work_add(&event->pending_task)\nfinish_lock_switch()\n=======> \nperf_pending_irq()\n//do nothing, rely on pending task work\n<======= \nbegin_new_exec()\nperf_event_exit_task()\nperf_event_exit_event()\n// If is child event\nfree_event()\nWARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1)\n// event is leaked\nSimilar scenarios can also happen with perf_event_remove_on_exec() or\nsimply against concurrent perf_event_release().\nFix this with synchonizing against the possibly remaining pending task\nwork while freeing the event, just like is done with remaining pending\nIRQ work. This means that the pending task callback neither need nor\nshould hold a reference to the event, preventing it from ever beeing\nfreed.

See more information about CVE-2024-43869 from MITRE CVE dictionary and NIST NVD


NOTE: The following CVSS metrics and score provided are preliminary and subject to review.


CVSS v3 metrics

Base Score: 6.1
Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Version: 3.1
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: Low

Errata information


PlatformErrataRelease Date
Oracle Linux version 9 (kernel)ELSA-2024-93152024-11-14


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete