CVE-2023-2235

Updated: 2023-06-28

CWE: CWE-416

Description:

A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability. We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.

CVSS3: 7.8

Vendor State

OS	Vendor version	Errata
RHEL 8	4.18.0-477.21.1.el8_8	RHSA-2023:4517
Oracle Linux 8	4.18.0-477.21.1.el8_8	ELSA-2023-4517
AlmaLinux 8	4.18.0-477.21.1.el8_8	ALSA-2023:4517
Rocky Linux 8	4.18.0-477.21.1.el8_8	RLSA-2023:4517
Ubuntu 22.04	5.15.0-79.86	USN-6300-1
Ubuntu 22.04 AWS	5.15.0-1042.47	USN-6300-1
Ubuntu 22.04 Azure	5.15.0-1045.52	USN-6332-1
RHEL 9	5.14.0-284.18.1.el9_2	RHSA-2023:3723
Oracle Linux 9	5.14.0-284.18.1.el9_2	ELSA-2023-3723
Ubuntu 20.04 HWE AWS	5.15.0-1041.46~20.04.1	USN-6300-1
Ubuntu 20.04 HWE Azure	5.15.0-1045.52~20.04.1	USN-6332-1
Rocky Linux 9	5.14.0-284.18.1.el9_2	RLSA-2023:3723
AlmaLinux 9	5.14.0-284.18.1.el9_2	ALSA-2023:3723
RHEL8 EUS 8.6	4.18.0-372.75.1.el8_6	RHSA-2023:5627
RHEL9 EUS 9.0	5.14.0-70.64.1.el9_0	RHSA-2023:4137
Amazon Linux 2023	6.1.21-1.45.amzn2023	ALAS2023-2023-148

KernelCare State

OS	Original kernel version	State
RHEL 8	4.18.0-80.el8 show all hide all 4.18.0-147.0.2.el8_1 4.18.0-147.0.3.el8_1 4.18.0-147.3.1.el8_1 4.18.0-147.5.1.el8_1 4.18.0-147.8.1.el8_1 4.18.0-147.el8 4.18.0-193.1.2.el8_2 4.18.0-193.13.2.el8_2 4.18.0-193.14.3.el8_2 4.18.0-193.19.1.el8_2 4.18.0-193.28.1.el8_2 4.18.0-193.6.3.el8_2 4.18.0-193.el8 4.18.0-240.1.1.el8_3 4.18.0-240.10.1.el8_3 4.18.0-240.15.1.el8_3 4.18.0-240.22.1.el8_3 4.18.0-240.8.1.el8_3 4.18.0-240.el8 4.18.0-304.el8 4.18.0-305.10.2.el8_4 4.18.0-305.12.1.el8_4 4.18.0-305.17.1.el8_4 4.18.0-305.19.1.el8_4 4.18.0-305.25.1.el8_4 4.18.0-305.3.1.el8_4 4.18.0-305.7.1.el8_4 4.18.0-305.el8 4.18.0-348.12.2.el8_5 4.18.0-348.2.1.el8_5 4.18.0-348.20.1.el8_5 4.18.0-348.23.1.el8_5 4.18.0-348.7.1.el8_5 4.18.0-348.el8 4.18.0-372.13.1.el8_6 4.18.0-372.16.1.el8_6 4.18.0-372.19.1.el8_6 4.18.0-372.26.1.el8_6 4.18.0-372.32.1.el8_6 4.18.0-372.9.1.el8 4.18.0-425.10.1.el8_7 4.18.0-425.13.1.el8_7 4.18.0-425.19.2.el8_7 4.18.0-425.3.1.el8 4.18.0-477.10.1.el8_8 4.18.0-477.13.1.el8_8 4.18.0-477.15.1.el8_8 4.18.0-80.1.2.el8_0 4.18.0-80.11.1.el8_0 4.18.0-80.11.2.el8_0 4.18.0-80.4.2.el8_0 4.18.0-80.7.1.el8_0 4.18.0-80.7.2.el8_0	Released
Oracle Linux 8	4.18.0-147.0.2.el8_1 show all hide all 4.18.0-147.0.3.el8_1 4.18.0-147.3.1.el8_1 4.18.0-147.5.1.el8_1 4.18.0-147.8.1.el8_1 4.18.0-147.el8 4.18.0-193.1.2.el8_2 4.18.0-193.13.2.el8_2 4.18.0-193.14.3.el8_2 4.18.0-193.19.1.el8_2 4.18.0-193.28.1.el8_2 4.18.0-193.6.3.el8_2 4.18.0-193.el8 4.18.0-240.1.1.el8_3 4.18.0-240.10.1.el8_3 4.18.0-240.15.1.el8_3 4.18.0-240.22.1.el8_3 4.18.0-240.8.1.el8_3 4.18.0-240.el8 4.18.0-305.10.2.el8_4 4.18.0-305.12.1.el8_4 4.18.0-305.17.1.el8_4 4.18.0-305.19.1.el8_4 4.18.0-305.25.1.el8_4 4.18.0-305.3.1.el8_4 4.18.0-305.7.1.el8_4 4.18.0-305.el8 4.18.0-348.12.2.el8_5 4.18.0-348.2.1.el8_5 4.18.0-348.20.1.el8_5 4.18.0-348.23.1.el8_5 4.18.0-348.7.1.el8_5 4.18.0-348.el8 4.18.0-372.13.1.0.1.el8_6 4.18.0-372.16.1.0.1.el8_6 4.18.0-372.19.1.0.1.el8_6 4.18.0-372.26.1.0.1.el8_6 4.18.0-372.32.1.0.1.el8_6 4.18.0-372.9.1.el8 4.18.0-425.10.1.el8_7 4.18.0-425.13.1.el8_7 4.18.0-425.19.2.el8_7 4.18.0-425.3.1.el8 4.18.0-477.10.1.el8_8 4.18.0-477.13.1.el8_8 4.18.0-477.15.1.el8_8 4.18.0-80.1.2.el8_0 4.18.0-80.11.1.el8_0 4.18.0-80.11.2.el8_0 4.18.0-80.4.2.el8_0 4.18.0-80.7.1.el8_0 4.18.0-80.7.2.el8_0 4.18.0-80.el8	Released
CloudLinux OS 8	4.18.0-425.3.1.lve.3.el8 show all hide all 4.18.0-425.3.1.lve.el8 4.18.0-477.10.1.lve.el8 4.18.0-477.13.1.lve.1.el8 4.18.0-477.13.1.lve.el8 4.18.0-477.15.1.lve.2.el8 4.18.0-147.0.3.lve.el8 4.18.0-147.3.1.el8.lve.1 4.18.0-147.8.1.el8.lve.1 4.18.0-147.8.1.el8.lve 4.18.0-193.28.1.lve1.el8 4.18.0-305.10.2.2.lve.el8 4.18.0-305.10.2.lve.el8 4.18.0-305.12.1.lve.el8 4.18.0-305.17.1.lve.el8 4.18.0-305.19.1.lve.el8 4.18.0-305.7.1.lve.el8 4.18.0-305.lve.el8 4.18.0-348.12.2.lve.el8 4.18.0-348.20.1.lve.1.el8 4.18.0-348.20.1.lve.el8 4.18.0-348.23.1.lve.el8 4.18.0-348.7.1.lve.el8 4.18.0-348.lve.el8 4.18.0-372.13.1.lve.el8 4.18.0-372.16.1.lve.el8 4.18.0-372.19.1.lve.el8 4.18.0-372.26.1.lve.1.el8 4.18.0-372.32.1.lve.el8 4.18.0-372.9.1.1.lve.el8 4.18.0-372.9.1.lve.el8 4.18.0-425.10.1.lve.el8 4.18.0-425.13.1.lve.el8 4.18.0-425.19.2.lve.el8 4.18.0-425.3.1.lve.1.el8 4.18.0-425.3.1.lve.2.el8	Released
CloudLinux OS 7h	4.18.0-147.0.3.el7h.lve show all hide all 4.18.0-147.0.3.el7h 4.18.0-147.3.1.el7h.lve.1 4.18.0-147.8.1.el7h.lve.1 4.18.0-147.8.1.el7h.lve 4.18.0-193.28.1.lve1.el7h 4.18.0-305.10.2.2.lve.el7h 4.18.0-305.10.2.lve.el7h 4.18.0-305.12.1.lve.el7h 4.18.0-305.17.1.lve.el7h 4.18.0-305.19.1.lve.el7h 4.18.0-305.7.1.lve.el7h 4.18.0-305.lve.el7h 4.18.0-348.12.2.lve.1.el7h 4.18.0-348.12.2.lve.2.el7h 4.18.0-348.12.2.lve.el7h 4.18.0-348.20.1.lve.1.el7h 4.18.0-348.20.1.lve.el7h 4.18.0-348.23.1.lve.el7h 4.18.0-348.7.1.lve.el7h 4.18.0-348.lve.el7h 4.18.0-372.13.1.lve.el7h 4.18.0-372.16.1.lve.el7h 4.18.0-372.19.1.lve.el7h 4.18.0-372.26.1.lve.1.el7h 4.18.0-372.32.1.lve.el7h 4.18.0-372.9.1.lve.el7h 4.18.0-425.10.1.lve.el7h 4.18.0-425.13.1.lve.el7h 4.18.0-425.19.2.lve.el7h 4.18.0-425.3.1.lve.1.el7h 4.18.0-425.3.1.lve.2.el7h 4.18.0-425.3.1.lve.3.el7h 4.18.0-425.3.1.lve.el7h 4.18.0-477.10.1.lve.1.el7h 4.18.0-477.13.1.lve.1.el7h 4.18.0-477.13.1.lve.el7h 4.18.0-477.15.1.lve.1.el7h 4.18.0-80.7.2.el7h 4.18.0-477.15.1.lve.2.el7h	Released
AlmaLinux 8	4.18.0-240.15.1.el8_3 show all hide all 4.18.0-240.22.1.el8_3 4.18.0-240.el8 4.18.0-305.10.2.el8_4 4.18.0-305.12.1.el8_4 4.18.0-305.17.1.el8_4 4.18.0-305.19.1.el8_4 4.18.0-305.25.1.el8_4 4.18.0-305.3.1.el8_4 4.18.0-305.7.1.el8_4 4.18.0-305.el8 4.18.0-348.12.2.el8_5 4.18.0-348.2.1.el8_5 4.18.0-348.20.1.el8.fscrypt 4.18.0-348.20.1.el8_5 4.18.0-348.23.1.el8_5 4.18.0-348.7.1.el8_5 4.18.0-348.el8 4.18.0-372.13.1.el8_6 4.18.0-372.16.1.el8_6 4.18.0-372.19.1.el8_6 4.18.0-372.26.1.el8_6 4.18.0-372.32.1.el8_6 4.18.0-372.9.1.el8 4.18.0-425.10.1.el8_7 4.18.0-425.13.1.el8_7 4.18.0-425.19.2.el8_7 4.18.0-425.3.1.el8 4.18.0-477.10.1.el8_8 4.18.0-477.13.1.el8_8 4.18.0-477.15.1.el8_8	Released
Rocky Linux 8	4.18.0-305.10.2.el8_4 show all hide all 4.18.0-305.12.1.el8_4 4.18.0-305.17.1.el8_4 4.18.0-305.25.1.el8_4 4.18.0-305.3.1.el8_4 4.18.0-305.7.1.el8_4 4.18.0-348.12.2.el8_5 4.18.0-305.19.1.el8_4 4.18.0-348.2.1.el8_5 4.18.0-348.20.1.el8_5 4.18.0-348.23.1.el8_5 4.18.0-348.7.1.el8_5 4.18.0-372.13.1.el8_6 4.18.0-372.16.1.el8_6.0.1 4.18.0-372.16.1.el8_6 4.18.0-372.19.1.el8_6 4.18.0-372.26.1.el8_6 4.18.0-372.32.1.el8_6 4.18.0-372.9.1.el8 4.18.0-425.10.1.el8_7 4.18.0-425.13.1.el8_7 4.18.0-425.19.2.el8_7 4.18.0-425.3.1.el8 4.18.0-477.10.1.el8_8 4.18.0-477.13.1.el8_8 4.18.0-477.15.1.el8_8	Released
Ubuntu 22.04	5.15.0-25.25	In Rollout
Ubuntu 22.04	5.15.0-27.28 show all hide all 5.15.0-28.29 5.15.0-29.30 5.15.0-30.31 5.15.0-33.34 5.15.0-35.36 5.15.0-37.39 5.15.0-39.42 5.15.0-40.43 5.15.0-41.44 5.15.0-43.46 5.15.0-46.49 5.15.0-47.51 5.15.0-48.54 5.15.0-50.56 5.15.0-52.58 5.15.0-53.59 5.15.0-54.60 5.15.0-56.62 5.15.0-57.63 5.15.0-58.64 5.15.0-60.66 5.15.0-67.74 5.15.0-68.75 5.15.0-69.76 5.15.0-70.77 5.15.0-71.78 5.15.0-72.79 5.15.0-73.80 5.15.0-74.81 5.15.0-75.82 5.15.0-76.83 5.15.0-78.85	Released
Ubuntu 22.04 AWS	5.15.0-1028.32 show all hide all 5.15.0-1004.6 5.15.0-1005.7 5.15.0-1008.10 5.15.0-1009.11 5.15.0-1011.14 5.15.0-1013.17 5.15.0-1014.18 5.15.0-1015.19 5.15.0-1017.21 5.15.0-1018.22 5.15.0-1020.24 5.15.0-1021.25 5.15.0-1022.26 5.15.0-1023.27 5.15.0-1024.29 5.15.0-1026.30 5.15.0-1027.31 5.15.0-1030.34 5.15.0-1031.35 5.15.0-1032.36 5.15.0-1033.37 5.15.0-1034.38 5.15.0-1035.39 5.15.0-1036.40 5.15.0-1037.41 5.15.0-1038.43 5.15.0-1039.44 5.15.0-1040.45	Released
Ubuntu 22.04 Azure	5.15.0-1003.4 show all hide all 5.15.0-1005.6 5.15.0-1007.8 5.15.0-1008.9 5.15.0-1010.12 5.15.0-1012.15 5.15.0-1013.16 5.15.0-1014.17 5.15.0-1017.20 5.15.0-1019.24 5.15.0-1020.25 5.15.0-1021.26 5.15.0-1022.27 5.15.0-1023.29 5.15.0-1024.30 5.15.0-1029.36 5.15.0-1034.41 5.15.0-1035.42 5.15.0-1036.43 5.15.0-1037.44 5.15.0-1038.45 5.15.0-1039.46 5.15.0-1040.47 5.15.0-1041.48 5.15.0-1042.49	Released
RHEL 9	5.14.0-162.12.1.el9_1 show all hide all 5.14.0-162.18.1.el9_1 5.14.0-162.22.2.el9_1 5.14.0-162.23.1.el9_1 5.14.0-162.6.1.el9_1 5.14.0-284.11.1.el9_2 5.14.0-70.13.1.el9_0 5.14.0-70.17.1.el9_0 5.14.0-70.22.1.el9_0 5.14.0-70.26.1.el9_0 5.14.0-70.30.1.el9_0 5.14.0-70.5.1.el9_0	Released
Oracle Linux 9	5.14.0-70.26.1.0.1.el9_0 show all hide all 5.14.0-162.12.1.el9_1 5.14.0-162.18.1.el9_1 5.14.0-162.22.2.el9_1 5.14.0-162.23.1.el9_1 5.14.0-162.6.1.el9_1 5.14.0-284.11.1.el9_2 5.14.0-70.13.1.0.3.el9_0 5.14.0-70.17.1.0.1.el9_0 5.14.0-70.22.1.0.1.el9_0 5.14.0-70.30.1.0.1.el9_0	Released
Ubuntu 20.04 HWE AWS	5.15.0-1014.18~20.04.1 show all hide all 5.15.0-1015.19~20.04.1 5.15.0-1017.21~20.04.1 5.15.0-1018.22~20.04.1 5.15.0-1019.23~20.04.1 5.15.0-1020.24~20.04.1 5.15.0-1021.25~20.04.1 5.15.0-1022.26~20.04.1 5.15.0-1023.27~20.04.1 5.15.0-1026.30~20.04.2 5.15.0-1027.31~20.04.1 5.15.0-1028.32~20.04.1 5.15.0-1030.34~20.04.1 5.15.0-1031.35~20.04.1 5.15.0-1033.37~20.04.1 5.15.0-1034.38~20.04.1 5.15.0-1035.39~20.04.1 5.15.0-1036.40~20.04.1 5.15.0-1037.41~20.04.1 5.15.0-1038.43~20.04.1 5.15.0-1039.44~20.04.1 5.15.0-1040.45~20.04.1	Released
Ubuntu 20.04 HWE Azure	5.15.0-1008.9~20.04.1 show all hide all 5.15.0-1013.16~20.04.1 5.15.0-1014.17~20.04.1 5.15.0-1017.20~20.04.1 5.15.0-1019.24~20.04.1 5.15.0-1020.25~20.04.1 5.15.0-1021.26~20.04.1 5.15.0-1022.27~20.04.1 5.15.0-1023.29~20.04.1 5.15.0-1024.30~20.04.1 5.15.0-1029.36~20.04.1 5.15.0-1034.41~20.04.1	Released
Rocky Linux 9	5.14.0-162.12.1.el9_1.0.1 show all hide all 5.14.0-162.12.1.el9_1.0.2 5.14.0-70.30.1.el9_0 5.14.0-162.18.1.el9_1 5.14.0-162.22.2.el9_1 5.14.0-162.23.1.el9_1 5.14.0-162.6.1.el9_1.0.1 5.14.0-162.6.1.el9_1 5.14.0-70.22.1.el9_0 5.14.0-70.26.1.el9_0 5.14.0-284.11.1.el9_2	Released
AlmaLinux 9	5.14.0-162.12.1.el9_1 show all hide all 5.14.0-162.18.1.el9_1 5.14.0-162.22.2.el9_1 5.14.0-162.23.1.el9_1 5.14.0-162.6.1.el9_1 5.14.0-284.11.1.el9_2 5.14.0-70.13.1.el9_0 5.14.0-70.17.1.el9_0 5.14.0-70.22.1.el9_0 5.14.0-70.26.1.el9_0 5.14.0-70.30.1.el9_0	Released
RHEL8 EUS 8.6	4.18.0-372.36.1.el8_6 show all hide all 4.18.0-372.41.1.el8_6 4.18.0-372.46.1.el8_6 4.18.0-372.51.1.el8_6 4.18.0-372.70.1.el8_6 4.18.0-372.57.1.el8_6 4.18.0-372.52.1.el8_6 4.18.0-372.64.1.el8_6	Released
RHEL9 EUS 9.0		Planned
Proxmox VE 8		Will Not Fix
Amazon Linux 2023		Planned