Description

In the Linux kernel, the following vulnerability has been resolved: perf: Fix perf_pending_task() UaF Per syzbot it is possible for perf_pending_task() to run after the event is free()'d. There are two related but distinct cases: - the task_work was already queued before destroying the event; - destroying the event itself queues the task_work. The first cannot be solved using task_work_cancel() since perf_release() itself might be called from a task_work (____fput), which means the current->task_works list is already empty and task_work_cancel() won't be able to find the perf_pending_task() entry. The simplest alternative is extending the perf_event lifetime to cover the task_work. The second is just silly, queueing a task_work while you know the event is going away makes no sense and is easily avoided by re-arranging how the event is marked STATE_DEAD and ensuring it goes through STATE_OFF on the way down.

INFO

Published Date :

2024-10-21T20:05:38.440Z

Last Modified :

2025-12-23T13:21:16.235Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2022-48950 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2022-48950.

URL Resource
https://git.kernel.org/stable/c/517e6a301f34613bff24a8e35b5455884f2d83d8 cve-icon cve-icon
https://git.kernel.org/stable/c/78e1317a174edbfd1182599bf76c092a2877672c cve-icon cve-icon
https://git.kernel.org/stable/c/8bffa95ac19ff27c8261904f89d36c7fcf215d59 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024102141-CVE-2022-48950-dc5f@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-48950 cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-48950 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact