CVE-2022-48950: perf: Fix perf_pending_task() UaF
First published: Mon Oct 21 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: perf: Fix perf_pending_task() UaF Per syzbot it is possible for perf_pending_task() to run after the event is free()'d. There are two related but distinct cases: - the task_work was already queued before destroying the event; - destroying the event itself queues the task_work. The first cannot be solved using task_work_cancel() since perf_release() itself might be called from a task_work (____fput), which means the current->task_works list is already empty and task_work_cancel() won't be able to find the perf_pending_task() entry. The simplest alternative is extending the perf_event lifetime to cover the task_work. The second is just silly, queueing a task_work while you know the event is going away makes no sense and is easily avoided by re-arranging how the event is marked STATE_DEAD and ensuring it goes through STATE_OFF on the way down.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | <5.15.84 | |
| Linux Kernel | >=5.16<6.0.14 | |
| Linux Kernel | =6.1-rc1 | |
| Linux Kernel | =6.1-rc2 | |
| Linux Kernel | =6.1-rc3 | |
| Linux Kernel | =6.1-rc4 | |
| Linux Kernel | =6.1-rc5 | |
| Linux Kernel | =6.1-rc6 | |
| Linux Kernel | =6.1-rc7 | |
| Linux Kernel | =6.1-rc8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What versions of the Linux kernel are affected by CVE-2022-48950?
CVE-2022-48950 affects the Linux kernel versions before 5.15.84 and between 5.16.0 and 6.0.14 inclusive, as well as specific release candidates of version 6.1.
What is the nature of the vulnerability in CVE-2022-48950?
CVE-2022-48950 is a use-after-free vulnerability in the perf_pending_task() function of the Linux kernel, potentially allowing the function to execute after the associated event has been freed.
What is the recommended action to mitigate CVE-2022-48950?
To mitigate CVE-2022-48950, users should upgrade to a fixed version of the Linux kernel, specifically to versions 5.15.84 or later.
How does CVE-2022-48950 impact system security?
The use-after-free vulnerability in CVE-2022-48950 could potentially lead to arbitrary code execution or privilege escalation, compromising system security.
Are there any known exploits for CVE-2022-48950?
As of now, there are no publicly available exploits specifically targeting CVE-2022-48950, but its existence presents a risk that could be exploited.
- agent/title
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- agent/severity
- agent/remedy
- agent/weakness
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.16
- version/linux kernel/6.1-rc1
- version/linux kernel/6.1-rc2
- version/linux kernel/6.1-rc3
- version/linux kernel/6.1-rc4
- version/linux kernel/6.1-rc5
- version/linux kernel/6.1-rc6
- version/linux kernel/6.1-rc7
- version/linux kernel/6.1-rc8