oss-sec mailing list archives
Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation
From: Philip Pettersson <philip.pettersson () gmail com>
Date: Thu, 26 May 2022 11:17:52 -0700
Hi Norbert & list, On Tue, May 24, 2022 at 3:23 PM Norbert Slusarek <nslusarek () gmx net> wrote:
I don't intend to share the exploit to the public, mainly because the issue was fixed only few days ago. Instead, anyone wanting to check his own system for the bug should resort to the attached PoC repro.
I think it's important to remember that closed mailing lists filled with private/embargoed exploits become valuable targets. They have been compromised ever since Zardoz in the 1980s, vendor-sec was discontinued for the same reason. By keeping zerodays in linux-distros you paint a target on every recipient of the list. You should assume that any working exploit code you share to a mailing list will eventually fall into the hands of bad actors. Therefore, I don't think selective full-disclosure works. Regards, Philip
Current thread:
- CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Norbert Slusarek (May 20)
- Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Solar Designer (May 21)
- Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Norbert Slusarek (May 24)
- Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Solar Designer (May 24)
- Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Norbert Slusarek (May 26)
- Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Jeremy Stanley (May 26)
- Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Solar Designer (May 26)
- Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Solar Designer (Jun 30)
- Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Norbert Slusarek (Jun 30)
- Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Norbert Slusarek (May 24)
- Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Solar Designer (May 21)
- Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Philip Pettersson (May 26)
- Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Mike O'Connor (May 27)
- Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Solar Designer (May 28)