CVE-2023-2235: 
Linux Kernel vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2023-2235) was discovered in the Linux Kernel Performance Events system, identified on May 1, 2023. The vulnerability affects the perfgroupdetach function in the Linux kernel versions 5.13 through versions prior to 6.3-rc2. This security flaw can potentially be exploited to achieve local privilege escalation (NVD, Debian Tracker).

The vulnerability occurs when the perfgroupdetach function fails to check the event's siblings' attachstate before calling addeventtogroups(). The removeonexec functionality made it possible to call listdelevent() before detaching from their group, which could result in a dangling pointer causing a use-after-free vulnerability. The issue has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NetApp Security).

The successful exploitation of this vulnerability could lead to local privilege escalation, disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). However, on Ubuntu systems, the impact is mitigated as Ubuntu kernels enable SECURITYPERFEVENTSRESTRICT which sets kernel.perfevent_paranoid >= 2 and disables unprivileged users from using perf by default (Ubuntu Security).

The vulnerability has been fixed in Linux kernel commit fd0815f632c24878e325821943edccc7fde947a2. The fix involves adding a proper check of sibling's attachstate before calling addeventtogroups() in the perfgroupdetach function. Various Linux distributions have released patches to address this vulnerability, including Ubuntu and Red Hat Enterprise Linux (Kernel Commit).