
There was a perf event vulnerability for the past several kernel releases until it was recently addressed with the perf events code not checking everything submitted from user-space. This issue existed from the Linux 2.6.37 kernel up through the Linux 3.8.8 kernel, plus was also back-ported to the Red Hat Enterprise Linux 2.6.32 kernel.
Making this issue now center-stage is that a zero-day exploit has been released. In about 100 lines of code it provides local privilege escalation on all affected kernels.
59 Comments