{"vulnerability": "CVE-2024-43870", "sightings": [{"uuid": "0b7e1474-621e-4d43-ba5e-1473d9299d81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43870", "type": "seen", "source": "https://t.me/cvedetector/3720", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43870 - Linux Kernel Perf Event Reference Leak Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-43870 \nPublished : Aug. 21, 2024, 1:15 a.m. | 37\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nperf: Fix event leak upon exit  \n  \nWhen a task is scheduled out, pending sigtrap deliveries are deferred  \nto the target task upon resume to userspace via task_work.  \n  \nHowever failures while adding an event's callback to the task_work  \nengine are ignored. And since the last call for events exit happen  \nafter task work is eventually closed, there is a small window during  \nwhich pending sigtrap can be queued though ignored, leaking the event  \nrefcount addition such as in the following scenario:  \n  \n    TASK A  \n    -----  \n  \n    do_exit()  \n       exit_task_work(tsk);  \n  \n         \n       perf_event_overflow()  \n          event->pending_sigtrap = pending_id;  \n          irq_work_queue(&event->pending_irq);  \n         \n    =========> PREEMPTION: TASK A -> TASK B  \n       event_sched_out()  \n          event->pending_sigtrap = 0;  \n          atomic_long_inc_not_zero(&event->refcount)  \n          // FAILS: task work has exited  \n          task_work_add(&event->pending_task)  \n       [...]  \n         \n       perf_pending_irq()  \n          // early return: event->oncpu = -1  \n       WORK>  \n       [...]  \n    =========> TASK B -> TASK A  \n       perf_event_exit_task(tsk)  \n          perf_event_exit_event()  \n             free_event()  \n                WARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1)  \n                // leak event due to unexpected refcount == 2  \n  \nAs a result the event is never released while the task exits.  \n  \nFix this with appropriate task_work_add()'s error handling. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-21T04:00:49.000000Z"}]}