A vulnerability has been identified in the Linux kernel (CVE-2022-1729) that could allow a local user to gain root access to the system. The vulnerability is caused by a race condition in the perf subsystem, which can be used to initiate access to an already freed area of kernel memory (use-after-free). The problem has been manifest since the release of the 4.0-rc1 kernel. Exploitability has been confirmed for releases 5.4.193+.
The fix is currently only available in patch form. The danger of the vulnerability is mitigated by the fact that most distributions restrict access to perf to unprivileged users by default. As a security workaround, you can set the kernel.perf_event_paranoid sysctl parameter to 3.
Source: opennet.ru