CVE-2024-43869

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 21/08/2024
Last modified: 03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

perf: Fix event leak upon exec and file release

The perf pending task work is never waited upon the matching event release. In the case of a child event, released via free_event() directly, this can potentially result in a leaked event, such as in the following scenario that doesn't even require a weak IRQ work implementation to trigger:

    schedule()
    prepare_task_switch()
    =======>
    perf_event_overflow()
    event->pending_sigtrap = ...
    irq_work_queue(&event->pending_irq)
    pending_sigtrap = 0;
    atomic_long_inc_not_zero(&event->refcount)
    task_work_add(&event->pending_task)
    finish_lock_switch()
    =======>
    perf_pending_irq()
    //do nothing, rely on pending task work
    refcount, 1, 0) != 1)
    // event is leaked

Similar scenarios can also happen with perf_event_remove_on_exec() or simply against concurrent perf_event_release().

Fix this with synchronizing against the possibly remaining pending task work while freeing the event, just like is done with remaining pending IRQ work. This means that the pending task callback neither need nor should hold a reference to the event, preventing it from ever being freed.
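The reference-count interaction described above, as an added single-threaded userspace model in C; it is not kernel code and not part of the original record. All struct and function names are hypothetical, and modelling the direct free as a compare-and-swap of the refcount from 1 to 0 is an assumption based on the fragment in the trace.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Toy stand-in for struct perf_event: only what the scenario needs. */
struct event { atomic_long refcount; bool pending_task; bool freed; };

/* Pre-fix queueing: the pending task work pins the event with a reference. */
static void queue_task_work_old(struct event *e)
{
    long r = atomic_load(&e->refcount);
    while (r != 0 && !atomic_compare_exchange_weak(&e->refcount, &r, r + 1))
        ;                                   /* inc_not_zero */
    e->pending_task = (r != 0);
}

/* Pre-fix free: succeeds only if the caller holds the sole reference. */
static bool free_event_old(struct event *e)
{
    long expected = 1;
    if (!atomic_compare_exchange_strong(&e->refcount, &expected, 0))
        return false;                       /* event is leaked */
    return e->freed = true;
}

/* Post-fix free: no reference was taken, so first synchronize with (here:
 * drain) any pending task work, then drop the sole reference. */
static bool free_event_new(struct event *e)
{
    e->pending_task = false;                /* models the wait/cancel */
    return free_event_old(e);
}

/* Sigtrap work queued at context switch, then exec frees the child event
 * before the task work has run. Returns true if the event was freed. */
static bool exec_frees_event(bool fixed)
{
    struct event e = { .pending_task = fixed }; /* fixed: queued, no ref */
    atomic_init(&e.refcount, 1);
    if (!fixed)
        queue_task_work_old(&e);
    return fixed ? free_event_new(&e) : free_event_old(&e);
}

int main(void)
{
    printf("pre-fix freed=%d, post-fix freed=%d\n",
           exec_frees_event(false), exec_frees_event(true));
    return 0;
}
```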

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.15.84 (including) 5.15.165 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.0.14 (including) 6.1 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.1.1 (including) 6.1.103 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.44 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.10.3 (excluding)
cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc8:*:*:*:*:*:*