« BackRace conditions in Linux Kernel perf eventsbinarygecko.comSubmitted by signa11 10 months ago
  • vlovich123 10 months ago

    > We disclosed this vulnerability to the kernel security team through responsible disclosure. The patch on the mailing list is visible here.

    The patch is dated today. Isn’t responsible disclosure to wait a bit until the security update can work its way into some actual distributions (or heck even a kernel release) and not publish a detailed 0-day for all Linux kernels?

    Edit: reading the exploit description more fully:

    > On most (or even all) distributions this strategy doesn’t work.

    Only impacts vanilla builds using the default config.

    • jeffbee 10 months ago

      perf_event_open is already privileged.

      • snvzz 10 months ago

        [flagged]