https://vulnerability.circl.lu/sightings/feedMost recent sightings.2026-05-27T23:03:17.457471+00:00Vulnerability-Lookupinfo@circl.lupython-feedgenContains only the most 10 recent sightings.https://vulnerability.circl.lu/sighting/0b7e1474-621e-4d43-ba5e-1473d9299d81/export0b7e1474-621e-4d43-ba5e-1473d9299d812026-05-27T23:03:17.827560+00:00Automation userhttps://cve.circl.lu/user/automation{"uuid": "0b7e1474-621e-4d43-ba5e-1473d9299d81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43870", "type": "seen", "source": "https://t.me/cvedetector/3720", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-43870 - Linux Kernel Perf Event Reference Leak Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-43870 \nPublished : Aug. 21, 2024, 1:15 a.m. | 37\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nperf: Fix event leak upon exit \n \nWhen a task is scheduled out, pending sigtrap deliveries are deferred \nto the target task upon resume to userspace via task_work. \n \nHowever failures while adding an event's callback to the task_work \nengine are ignored. And since the last call for events exit happen \nafter task work is eventually closed, there is a small window during \nwhich pending sigtrap can be queued though ignored, leaking the event \nrefcount addition such as in the following scenario: \n \n TASK A \n ----- \n \n do_exit() \n exit_task_work(tsk); \n \n \n perf_event_overflow() \n event->pending_sigtrap = pending_id; \n irq_work_queue(&event->pending_irq); \n \n =========> PREEMPTION: TASK A -> TASK B \n event_sched_out() \n event->pending_sigtrap = 0; \n atomic_long_inc_not_zero(&event->refcount) \n // FAILS: task work has exited \n task_work_add(&event->pending_task) \n [...] \n \n perf_pending_irq() \n // early return: event->oncpu = -1 \n WORK> \n [...] \n =========> TASK B -> TASK A \n perf_event_exit_task(tsk) \n perf_event_exit_event() \n free_event() \n WARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1) \n // leak event due to unexpected refcount == 2 \n \nAs a result the event is never released while the task exits. \n \nFix this with appropriate task_work_add()'s error handling. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Aug 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-21T04:00:49.000000Z"}2024-08-21T04:00:49+00:00