CVE-2023-52839

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.0-rc6

Description The vulnerability is related to the perf component of the Linux kernel, which is responsible for performance monitoring and analysis. The issue arises from incorrect resource management in the pmu sbi ctr start() and pmu sbi ctr stop() functions. This can lead to a denial-of-service (DoS) condition, where an attacker could potentially cause the system to crash or become unresponsive. The vulnerability can be triggered by executing a specific command, such as $ perf record -e cycles:k -e instructions:k -c 10000 -m 64M dd if=/dev/zero of=/dev/null count=1000, which can cause a kernel warning and potentially lead to a system crash.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, versions prior to 6.6.0-rc6 are affected, so updating to 6.6.0-rc6 or later should mitigate the issue. As a temporary workaround, consider disabling the pmu sbi ctr start() function until a patch is available. Restrict access to the perf component to minimize the risk of exploitation. Avoid using the perf record command with the specified options until the issue is resolved. At the moment, there is no information about other workarounds for this vulnerability.