Resource Injection Affecting perf package, versions <0:4.18.0-372.119.1.el8_6
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RHEL8-PERF-7755257
- published 21 Aug 2024
- disclosed 16 Jul 2024
Introduced: 16 Jul 2024
CVE-2022-48799 Open this link in a new tabHow to fix?
Upgrade RHEL:8
perf
to version 0:4.18.0-372.119.1.el8_6 or higher.
This issue was patched in RHSA-2024:5692
.
NVD Description
Note: Versions mentioned in the description apply only to the upstream perf
package and not the perf
package as distributed by RHEL
.
See How to fix?
for RHEL:8
relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
perf: Fix list corruption in perf_cgroup_switch()
There's list corruption on cgrp_cpuctx_list. This happens on the following path:
perf_cgroup_switch: list_for_each_entry(cgrp_cpuctx_list) cpu_ctx_sched_in ctx_sched_in ctx_pinned_sched_in merge_sched_in perf_cgroup_event_disable: remove the event from the list
Use list_for_each_entry_safe() to allow removing an entry during iteration.
References
- https://access.redhat.com/security/cve/CVE-2022-48799
- https://git.kernel.org/stable/c/2142bc1469a316fddd10012d76428f7265258f81
- https://git.kernel.org/stable/c/30d9f3cbe47e1018ddc8069ac5b5c9e66fbdf727
- https://git.kernel.org/stable/c/5d76ed4223403f90421782adb2f20a9ecbc93186
- https://git.kernel.org/stable/c/5f4e5ce638e6a490b976ade4a40017b40abb2da0
- https://git.kernel.org/stable/c/7969fe91c9830e045901970e9d755b7505881d4a
- https://git.kernel.org/stable/c/a2ed7b29d0673ba361546e2d87dbbed149456c45
- https://git.kernel.org/stable/c/f6b5d51976fcefef5732da3e3feb3ccff680f7c8