A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation.
The `perf_group_detach()` function did not check the `attach_state` of the event's siblings before calling `add_event_to_groups()`, but `remove_on_exec` made it possible to call `list_del_event()` on them before they were detached from their group. This left a dangling pointer that could then be used, causing a use-after-free vulnerability.
We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.
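
The state check described above, as an added user-space model (not kernel code and not taken from the fix commit): it shows why re-adding a sibling to the group tree without looking at its `attach_state` leaves a stale reference. The `model_*` names, the `in_groups_tree` field and the `scenario()` helper are hypothetical; only the two flag names follow the kernel's perf core.

```c
#include <stdio.h>
#include <stddef.h>

/* Flag names as in the kernel's perf core; everything else is a simplified model. */
#define PERF_ATTACH_CONTEXT 0x01
#define PERF_ATTACH_GROUP   0x02

struct model_event {
    int attach_state;
    int in_groups_tree;              /* 1 while the context's group tree references it */
    struct model_event *siblings[4];
    size_t nr_siblings;
};

/* Models list_del_event(): the event leaves its context. */
static void model_list_del_event(struct model_event *e) {
    e->attach_state &= ~PERF_ATTACH_CONTEXT;
    e->in_groups_tree = 0;
}

/* Models perf_group_detach() on a leader: each sibling becomes a singleton.
 * check_state = 0 models the missing check, 1 models the guarded path. */
static void model_group_detach(struct model_event *leader, int check_state) {
    for (size_t i = 0; i < leader->nr_siblings; i++) {
        struct model_event *s = leader->siblings[i];
        s->attach_state &= ~PERF_ATTACH_GROUP;
        /* Stands in for add_event_to_groups(): only valid for events still in a context. */
        if (!check_state || (s->attach_state & PERF_ATTACH_CONTEXT))
            s->in_groups_tree = 1;
    }
    leader->nr_siblings = 0;
    leader->attach_state &= ~PERF_ATTACH_GROUP;
}

/* Returns 1 if the group tree references an event that already left the
 * context: the reference that dangles once that event is freed. */
int scenario(int check_state) {
    struct model_event sib = { .attach_state = PERF_ATTACH_CONTEXT | PERF_ATTACH_GROUP };
    struct model_event leader = { .attach_state = PERF_ATTACH_CONTEXT | PERF_ATTACH_GROUP,
                                  .in_groups_tree = 1, .siblings = { &sib }, .nr_siblings = 1 };
    model_list_del_event(&sib);              /* remove_on_exec ordering: removed first */
    model_group_detach(&leader, check_state);
    return sib.in_groups_tree && !(sib.attach_state & PERF_ATTACH_CONTEXT);
}

int main(void) {
    printf("without sibling check: stale=%d\n", scenario(0));
    printf("with sibling check:    stale=%d\n", scenario(1));
    return 0;
}
```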