AVG-2747 log
| Package | linux-hardened |
| Status | Fixed |
| Severity | High |
| Type | privilege escalation |
| Affected | 5.17.9.hardened1-1 |
| Fixed | 5.17.10.hardened1-1 |
| Current | 6.16.12.hardened1-1 [extra] |
| Ticket | None |
| Created | Wed May 25 19:31:41 2022 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2022-1729 | High | No | Privilege escalation | A use-after-free flaw was found in the Linux kernel’s performance events functionality. A user triggers a race condition in setting up performance... |
| Notes |
|---|
By default, for linux-hardened, an unprivileged user can't trigger an attack. To prevent the possibility of an unprivileged users' attack, set kernel.perf_event_paranoid to the value 3.
To confirm the current state, inspect the sysctl with the command:
cat /proc/sys/kernel/perf_event_paranoid
The setting >=3 would mean that unprivileged users can not use performance events, mitigating the flaw. |