AVG-2747 log

Package linux-hardened
Status Fixed
Severity High
Type privilege escalation
Affected 5.17.9.hardened1-1
Fixed 5.17.10.hardened1-1
Current 6.12.6.hardened1-2 [extra-testing], 6.12.6.hardened1-1 [extra]
Ticket None
Created Wed May 25 19:31:41 2022
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2022-1729 | High | No | Privilege escalation | A use-after-free flaw was found in the Linux kernel’s performance events functionality. A user triggers a race condition in setting up performance... |

Notes
By default, for linux-hardened, an unprivileged user can't trigger an attack. To rule out an attack by unprivileged users, set kernel.perf_event_paranoid to the value 3.
To confirm the current state, inspect the sysctl with the command:

    cat /proc/sys/kernel/perf_event_paranoid

A value of 3 or higher means that unprivileged users cannot use performance events, which mitigates the flaw.
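
A host check that combines the advisory's fixed version with the sysctl mitigation, as an added example that is not part of the advisory. The function names, the use of `sort -V` to approximate pacman's version ordering, and the assumption that the installed package is also the running kernel are this example's own.

```shell
#!/bin/sh
# Added example: classify a host against AVG-2747 from two inputs,
# the linux-hardened package version and kernel.perf_event_paranoid.

FIXED_VERSION="5.17.10.hardened1-1"   # "Fixed" version stated in the advisory

# version_lt A B: succeeds when A sorts strictly before B.
# Assumption: sort -V ordering stands in for pacman's vercmp here.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# assess PKG_VERSION PARANOID_VALUE
# Prints one of: fixed | mitigated | exposed | unknown
assess() {
    a_pkg=$1
    a_paranoid=$2
    # A kernel at or past the fixed version needs no mitigation.
    if [ -n "$a_pkg" ] && ! version_lt "$a_pkg" "$FIXED_VERSION"; then
        echo fixed
        return 0
    fi
    # Empty or non-integer sysctl value (file missing, unreadable): no verdict.
    if ! [ "$a_paranoid" -eq "$a_paranoid" ] 2>/dev/null; then
        echo unknown
        return 0
    fi
    # Per the advisory, >= 3 blocks unprivileged use of performance events.
    if [ "$a_paranoid" -ge 3 ]; then
        echo mitigated
    else
        echo exposed
    fi
}

# check_host: gather both inputs from the local machine.
# Assumption: the installed package is the running kernel (rebooted after upgrade).
check_host() {
    h_pkg=$(pacman -Q linux-hardened 2>/dev/null | awk '{print $2}')
    h_paranoid=$(cat /proc/sys/kernel/perf_event_paranoid 2>/dev/null)
    assess "$h_pkg" "$h_paranoid"
}

# Run against the local host only when asked to: sh check.sh --host
if [ "${1:-}" = "--host" ]; then
    check_host
fi
```
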