CVE-2024-56675

EPSS 0.05%
Veröffentlicht 27.12.2024 15:15:27
Zuletzt bearbeitet 03.11.2025 21:18:18
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors

Uprobes always use bpf_prog_run_array_uprobe() under tasks-trace-RCU
protection. But it is possible to attach a non-sleepable BPF program to a
uprobe, and non-sleepable BPF programs are freed via normal RCU (see
__bpf_prog_put_noref()). This leads to UAF of the bpf_prog because a normal
RCU grace period does not imply a tasks-trace-RCU grace period.

Fix it by explicitly waiting for a tasks-trace-RCU grace period after
removing the attachment of a bpf_prog to a perf_event.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.0 < 6.1.121

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.67

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.6

Linux ≫ Linux Kernel Version6.13 Updaterc1

Linux ≫ Linux Kernel Version6.13 Updaterc2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.146

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/9245459a992d22fe0e92e988f49db1fec82c184a

Patch

https://git.kernel.org/stable/c/9b53d2c2a38a1effc341d99be3f99fa7ef17047d

Patch

https://git.kernel.org/stable/c/ef1b808e3b7c98612feceedf985c2fbbeb28f956

Patch

https://git.kernel.org/stable/c/f9f85df30118f3f4112761e6682fc60ebcce23e5

Patch

https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html

https://nvd.nist.gov/vuln/detail/CVE-2024-56675

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-56675

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-56675

EUVD