Peter Zijlstra

5 exploits, active since May 2012
CVE-2023-5717 NOMISEC HIGH STUB
Linux Kernel 3.2.95-3.2.99 - Heap Out-of-bounds Write in Performance Events Component
A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.
CVSS 7.8
CVE-2011-2918 WRITEUP MEDIUM WRITEUP
Linux Kernel < 3.1 - Denial of Service via Performance Events Subsystem
The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service (system hang) via a crafted application.
CVSS 5.5
CVE-2017-6001 WRITEUP HIGH WRITEUP
Linux Kernel 3.18.54-3.18.92 - Race Condition in perf_event_open
Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6786.
CVSS 7.0
CVE-2018-15594 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.18.1 - Exposure of Sensitive Information via Paravirtual Indirect Call Mishandling
arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests.
CVSS 5.5
CVE-2022-39188 WRITEUP MEDIUM WRITEUP
Linux Kernel < 5.19 - Race Condition in TLB Handling via unmap_mapping_range
An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.
CVSS 4.7