DEBIAN-CVE-2022-48950
- Source
- https://security-tracker.debian.org/tracker/CVE-2022-48950
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-48950.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2022-48950
- Upstream
- Published
- 2024-10-21T20:15:06.440Z
- Modified
- 2025-12-23T15:15:44.020417Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: perf: Fix perfpendingtask() UaF Per syzbot it is possible for perfpendingtask() to run after the event is free()'d. There are two related but distinct cases: - the taskwork was already queued before destroying the event; - destroying the event itself queues the taskwork. The first cannot be solved using taskworkcancel() since perfrelease() itself might be called from a taskwork (_fput), which means the current->taskworks list is already empty and taskworkcancel() won't be able to find the perfpendingtask() entry. The simplest alternative is extending the perfevent lifetime to cover the taskwork. The second is just silly, queueing a taskwork while you know the event is going away makes no sense and is easily avoided by re-arranging how the event is marked STATEDEAD and ensuring it goes through STATE_OFF on the way down.
- References
Affected packages
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source