CVE-2024-35955

EPSS 0.27%
Veröffentlicht 20.05.2024 10:15:10
Zuletzt bearbeitet 04.04.2025 14:23:00
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

kprobes: Fix possible use-after-free issue on kprobe registration

When unloading a module, its state is changing MODULE_STATE_LIVE ->
 MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will take
a time. `is_module_text_address()` and `__module_text_address()`
works with MODULE_STATE_LIVE and MODULE_STATE_GOING.
If we use `is_module_text_address()` and `__module_text_address()`
separately, there is a chance that the first one is succeeded but the
next one is failed because module->state becomes MODULE_STATE_UNFORMED
between those operations.

In `check_kprobe_address_safe()`, if the second `__module_text_address()`
is failed, that is ignored because it expected a kernel_text address.
But it may have failed simply because module->state has been changed
to MODULE_STATE_UNFORMED. In this case, arm_kprobe() will try to modify
non-exist module text address (use-after-free).

To fix this problem, we should not use separated `is_module_text_address()`
and `__module_text_address()`, but use only `__module_text_address()`
once and do `try_module_get(module)` which is only available with
MODULE_STATE_LIVE.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 13

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.14.291 < 4.15

Linux ≫ Linux Kernel Version >= 4.19.256 < 4.19.313

Linux ≫ Linux Kernel Version >= 5.4.211 < 5.4.275

Linux ≫ Linux Kernel Version >= 5.10.137 < 5.10.216

Linux ≫ Linux Kernel Version >= 5.15.61 < 5.15.157

Linux ≫ Linux Kernel Version >= 5.18.18 < 5.19

Linux ≫ Linux Kernel Version >= 5.19.2 < 6.1.87

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.28

Linux ≫ Linux Kernel Version >= 6.7 < 6.8.7

Linux ≫ Linux Kernel Version6.9 Updaterc1

Linux ≫ Linux Kernel Version6.9 Updaterc2

Linux ≫ Linux Kernel Version6.9 Updaterc3

Debian ≫ Debian Linux Version10.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.27%	0.5

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Third Party Advisory

Mailing List

https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Third Party Advisory

Mailing List

https://git.kernel.org/stable/c/2df2dd27066cdba8041e46a64362325626bdfb2e

Patch

https://git.kernel.org/stable/c/325f3fb551f8cd672dbbfc4cf58b14f9ee3fc9e8

Patch

https://git.kernel.org/stable/c/36b57c7d2f8b7de224980f1a284432846ad71ca0

Patch