The perftraceeventperm function in kernel/trace/traceevent_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application.
{ "urgency": "not yet assigned" }