CVE-2022-49607
CVSS 3.1 Score 4.7 of 10 (medium)
Details
Summary
CVE-2022-49607 is a data race vulnerability affecting the Linux kernel. Yang Jihing discovered a race condition between the functions perf_event_set_output() and perf_mmap_close(). Specifically, the race occurs when perf_event_set_output() attaches an event to a ring buffer (rb) before perf_mmap_close() detaches the rb from another process. This can result in a subsequent perf_mmap() call getting stuck in an infinite loop. The issue arises because both functions hold their own mmap mutexes without proper synchronization, allowing the race to occur. To address this vulnerability, the perf_event_set_output() function now takes both e1->mmap_mutex and e2->mmap_mutex, and the perf_mmap() function detaches the rb directly, eliminating the need to wait for concurrent perf_mmap_close() calls to make progress.
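The locking change described in the summary, as an added userspace sketch with pthreads (not kernel source, and not code from this page): the attach path holds both events' mmap_mutex, so a detach on the other event cannot interleave with it. The struct and function names (ring_buf, event, lock_double, set_output, detach_rb) are hypothetical, and acquiring the two mutexes in address order is this example's own choice for avoiding deadlock.

```c
#include <pthread.h>
#include <stddef.h>
#include <stdint.h>

/* Userspace model with hypothetical names; not kernel source. */
struct ring_buf { int id; };
struct event {
    pthread_mutex_t mmap_mutex;
    struct ring_buf *rb;          /* NULL once detached */
};

/* Take both mutexes in address order, so callers that pass the same pair
 * in opposite order cannot deadlock. Returns the mutex locked first. */
static pthread_mutex_t *lock_double(pthread_mutex_t *a, pthread_mutex_t *b)
{
    if ((uintptr_t)a > (uintptr_t)b) { pthread_mutex_t *t = a; a = b; b = t; }
    pthread_mutex_lock(a);
    if (a != b)
        pthread_mutex_lock(b);
    return a;
}

static void unlock_double(pthread_mutex_t *a, pthread_mutex_t *b)
{
    pthread_mutex_unlock(a);
    if (a != b)
        pthread_mutex_unlock(b);
}

/* Redirect e1's output to e2's buffer. Holding both mutexes means a
 * concurrent detach_rb(e2) runs entirely before or entirely after this. */
static int set_output(struct event *e1, struct event *e2)
{
    int ret = -1;
    lock_double(&e1->mmap_mutex, &e2->mmap_mutex);
    if (e2->rb) {                 /* re-check under the lock */
        e1->rb = e2->rb;
        ret = 0;
    }
    unlock_double(&e1->mmap_mutex, &e2->mmap_mutex);
    return ret;
}

/* Detach the buffer under the event's own mutex (models the close path). */
static void detach_rb(struct event *e)
{
    pthread_mutex_lock(&e->mmap_mutex);
    e->rb = NULL;
    pthread_mutex_unlock(&e->mmap_mutex);
}
```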