Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's handling of performance monitoring unit (PMU) contexts can lead to out-of-bounds memory access. This issue arises when the group leader of a software event is incorrectly managed, causing transaction callbacks to reference the wrong PMU. The vulnerability affects the Linux kernel stable tree and has been addressed by ensuring that all performance event operations use the correct PMU context, particularly for inherited event groups.
Exploitation of this vulnerability could lead to out-of-bounds memory access, potentially causing memory corruption or allowing for arbitrary code execution.
The vulnerability can be reproduced by creating a group of performance monitoring events, ensuring that the group leader is a software event. When the events are scheduled in, the transaction handlers will incorrectly reference the wrong PMU, leading to an out-of-bounds memory access. This can be observed by monitoring the memory access patterns during the event scheduling process.
Users can upgrade to the patched version of the Linux kernel available in the Linux kernel Git repository.