mailing list archives
Re: CVE request: perf: may parse user-controlled config file
From: Josh Bressers <bressers () redhat com>
Date: Tue, 9 Aug 2011 15:53:09 -0400 (EDT)
----- Original Message -----
This was reported by Christian Ohm at:
The perf command, provided as part of the Linux kernel source, looks
for and honors configuration settings in ./config. A local user could
obtain elevated privileges by convincing a superuser to run the perf
command from a directory the user controls.
Please use CVE-2011-2905.