A use-after-free flaw was found in the Linux kernel's performance events functionality. A user can trigger a race condition while setting up performance monitoring between the leading PERF_TYPE_TRACEPOINT event and the sub PERF_EVENT_HARDWARE and PERF_EVENT_SOFTWARE events, by calling perf_event_open() with these three types. This flaw allows a local user to crash the system or potentially escalate their privileges.
By default, except on linux-hardened, an unprivileged user can trigger the attack. On kernels that support disallowing unprivileged use of performance events, abusing this flaw requires a privileged user (root, or a user with CAP_SYS_ADMIN or CAP_PERFMON), which reduces its attack surface. To confirm the current state, inspect the sysctl with the command: cat /proc/sys/kernel/perf_event_paranoid. A value >= 3 means that unprivileged users cannot use performance events, mitigating the flaw for them. A kernel update is still required to mitigate the flaw for root and for users with the CAP_SYS_ADMIN or CAP_PERFMON capabilities.
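The sysctl check above, as an added example script (not part of the advisory) that reads perf_event_paranoid, validates the value and reports whether unprivileged perf_event_open() is blocked; the file path argument is an assumption made so the check can be run against a saved copy.

```shell
#!/bin/sh
# Added example, not from the advisory: report whether the running kernel
# blocks unprivileged perf_event_open(), which is the mitigation the advisory
# describes for unprivileged users. Privileged users (root, CAP_SYS_ADMIN,
# CAP_PERFMON) are not covered by this setting and still need the kernel update.
#
# perf_event_paranoid levels (kernel documentation):
#   -1  no restrictions for unprivileged users
#    0  deny raw tracepoint access and ftrace function tracepoints
#    1  additionally deny CPU (hardware) events
#    2  additionally deny kernel profiling
#   >=3 deny all unprivileged perf_event_open() calls. Note: this level is
#       provided by the Debian/Ubuntu/Android kernel patch; a mainline kernel
#       treats 3 like 2, so on mainline this check alone is not sufficient.
perf_paranoid_status() {
    # $1 (optional, assumed parameter): path to the sysctl file; defaults to the live kernel.
    sysctl_file="${1:-/proc/sys/kernel/perf_event_paranoid}"
    if [ ! -r "$sysctl_file" ]; then
        echo "unknown: cannot read $sysctl_file"
        return 2
    fi
    value=$(cat "$sysctl_file")
    # Accept only an optionally negative integer; anything else is an error.
    case "$value" in
        -[0-9]*|[0-9]*) ;;
        *) echo "unknown: unexpected value '$value' in $sysctl_file"; return 2 ;;
    esac
    if [ "$value" -ge 3 ]; then
        echo "mitigated: perf_event_paranoid=$value blocks unprivileged perf_event_open()"
        return 0
    fi
    echo "exposed: perf_event_paranoid=$value still allows unprivileged perf_event_open()"
    return 1
}

# Check the live kernel (or the file given as the first argument).
perf_paranoid_status "$@" || true
```

Exit status 0 means mitigated for unprivileged users, 1 means exposed, 2 means the value could not be read; to make the setting persistent, place kernel.perf_event_paranoid = 3 in a sysctl.d file on a kernel that honours that level.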