CVE-2024-43869

CVE Details

Release Date:

2024-08-21

Description

In the Linux kernel, the following vulnerability has been resolved:\nperf: Fix event leak upon exec and file release\nThe perf pending task work is never waited upon the matching event\nrelease. In the case of a child event, released via free_event()\ndirectly, this can potentially result in a leaked event, such as in the\nfollowing scenario that doesn't even require a weak IRQ work\nimplementation to trigger:\nschedule()\nprepare_task_switch()\n=======> \nperf_event_overflow()\nevent->pending_sigtrap = ...\nirq_work_queue(&event->pending_irq)\n<======= \nperf_event_task_sched_out()\nevent_sched_out()\nevent->pending_sigtrap = 0;\natomic_long_inc_not_zero(&event->refcount)\ntask_work_add(&event->pending_task)\nfinish_lock_switch()\n=======> \nperf_pending_irq()\n//do nothing, rely on pending task work\n<======= \nbegin_new_exec()\nperf_event_exit_task()\nperf_event_exit_event()\n// If is child event\nfree_event()\nWARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1)\n// event is leaked\nSimilar scenarios can also happen with perf_event_remove_on_exec() or\nsimply against concurrent perf_event_release().\nFix this with synchonizing against the possibly remaining pending task\nwork while freeing the event, just like is done with remaining pending\nIRQ work. This means that the pending task callback neither need nor\nshould hold a reference to the event, preventing it from ever beeing\nfreed.

See more information about CVE-2024-43869 from MITRE CVE dictionary and NIST NVD

CVSS Scoring

NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score:	6.1	CVSS Vector:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Attack Vector:	Local network	Attack Complexity:	Low
Privileges Required:	Low	User Interaction:	None
Scope:	Unchanged	Confidentiality Impact:	High
Integrity Impact:	None	Availability Impact:	Low

Errata information

Platform	Errata	Release Date
Oracle Linux version 9 (kernel)	ELSA-2024-9315	2024-11-14