OSG-SEC-2022-08-10 HIGH Linux kernel perf use-after-free flaw
Dear OSG Security Contacts,
Vulnerabilities have been found concerning the Linux kernel perf subsystem's perf_event_open() which may lead to local privilege escalation or system crash.
All major Linux distribution kernels
WHAT ARE THE VULNERABILITIES:
A use-after-free flaw was found in the Linux kernel's performance events functionality. A user triggers a race condition in setting up performance monitoring between the leading PERF_TYPE_TRACEPOINT and sub PERF_EVENT_HARDWARE plus the PERF_EVENT_SOFTWARE using the perf_event_open() function with these three types. This flaw allows a local user to crash the system. The exploit can be used by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.
WHAT YOU SHOULD DO:
Update your Linux systems with the available patches and restart them. .
Sites running RHEL should see 
Sites running CentOS should also see 
Sites running Scientific Linux should see 
Sites running Debian should see 
Sites running Ubuntu should see 
Sites running RockyLinux should see 
Sites running Almalinux should see 
Please contact the OSG security team at sec[email protected] if you have any questions or concerns.
OSG Security Team