AVG-2747 log
Package | linux-hardened |
Status | Fixed |
Severity | High |
Type | privilege escalation |
Affected | 5.17.9.hardened1-1 |
Fixed | 5.17.10.hardened1-1 |
Current |
6.12.6.hardened1-2 [extra-testing] 6.12.6.hardened1-1 [extra] |
Ticket | None |
Created | Wed May 25 19:31:41 2022 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2022-1729 | High | No | Privilege escalation | A use-after-free flaw was found in the Linux kernel’s performance events functionality. A user triggers a race condition in setting up performance... |
Notes |
---|
By default, for linux-hardened, an unprivileged user can't trigger an attack. To prevent the possibility of an unprivileged users' attack, set kernel.perf_event_paranoid to the value 3. To confirm the current state, inspect the sysctl with the command: cat /proc/sys/kernel/perf_event_paranoid The setting >=3 would mean that unprivileged users can not use performance events, mitigating the flaw. |