CVE-2022-1729 log

Severity High
Remote No
Type Privilege escalation
A use-after-free flaw was found in the Linux kernel’s performance events functionality. A user triggers a race condition in setting up performance monitoring between the leading PERF_TYPE_TRACEPOINT and sub PERF_EVENT_HARDWARE plus the PERF_EVENT_SOFTWARE using the perf_event_open() function with these three types. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Group Package Affected Fixed Severity Status Ticket
AVG-2747 linux-hardened 5.17.9.hardened1-1 5.17.10.hardened1-1 High Fixed
AVG-2746 linux-zen 5.17.9.zen1-1 5.17.10.zen1-1 High Fixed
AVG-2745 linux-lts 5.15.41-1 5.15.42-1 High Fixed
AVG-2744 linux 5.17.9-1 5.17.10-1 High Fixed
By default, except for linux-hardened, an unprivileged user can trigger an attack. For kernel that support to not allow unprivileged users to use performance events, this would require a privileged user with CAP_SYS_ADMIN, CAP_PERFMON or root to be able to abuse this flaw reducing its attack space.
To confirm the current state, inspect the sysctl with the command:

    cat /proc/sys/kernel/perf_event_paranoid

The setting >=3 would mean that unprivileged users can not use performance events, mitigating the flaw.
A kernel update will be required to mitigate the flaw for root or users with CAP_SYS_ADMIN or CAP_PERFMON capabilities.