CVE-2024-56675

HIGH EPSS 13.0%
Published Dec 27, 2024 (1y ago) · Modified Jun 17, 2026 (1w ago)
7.8 CVSS 3.1
High

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors

Uprobes always use bpf_prog_run_array_uprobe() under tasks-trace-RCU protection. But it is possible to attach a non-sleepable BPF program to a uprobe, and non-sleepable BPF programs are freed via normal RCU (see __bpf_prog_put_noref()). This leads to UAF of the bpf_prog because a normal RCU grace period does not imply a tasks-trace-RCU grace period.

Fix it by explicitly waiting for a tasks-trace-RCU grace period after removing the attachment of a bpf_prog to a perf_event.
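
The ordering described above, as an added userspace model in C (not kernel code, and not part of the CVE record or the fix commits). It tracks readers per RCU flavor and shows that freeing after a normal-RCU grace period alone leaves a tasks-trace-RCU reader holding a freed program, while the extra wait closes that window. The enum, struct and function names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified single-threaded model, not kernel code. Each RCU flavor
 * tracks only its own readers, so a grace period in one flavor says
 * nothing about readers still running under the other. */
enum flavor { RCU_NORMAL, RCU_TASKS_TRACE, NFLAVORS };

struct model {
    int readers[NFLAVORS]; /* open read-side critical sections */
    bool prog_freed;       /* models the bpf_prog memory being released */
};

/* A flavor's grace period can end only once it has no readers left. */
static bool gp_done(const struct model *m, enum flavor f)
{
    return m->readers[f] == 0;
}

/* Detach a non-sleepable prog and drop the last reference. The free
 * path waits for normal RCU only; `patched` adds the fix's explicit
 * wait for a tasks-trace-RCU grace period after detaching. */
static void detach_and_put(struct model *m, bool patched)
{
    if (patched && !gp_done(m, RCU_TASKS_TRACE))
        return; /* detach blocks until the reader leaves */
    if (gp_done(m, RCU_NORMAL))
        m->prog_freed = true;
}

/* One reader is inside its critical section holding the prog pointer
 * while detach runs. Returns true if it then runs freed memory. */
bool reader_hits_freed_prog(enum flavor reader, bool patched)
{
    struct model m = { {0, 0}, false };
    m.readers[reader]++;          /* e.g. uprobe handler: TASKS_TRACE */
    detach_and_put(&m, patched);
    bool uaf = m.prog_freed;      /* reader dereferences prog here */
    m.readers[reader]--;
    return uaf;
}

int main(void)
{
    printf("unpatched: uaf=%d\n", reader_hits_freed_prog(RCU_TASKS_TRACE, false));
    printf("patched:   uaf=%d\n", reader_hits_freed_prog(RCU_TASKS_TRACE, true));
    return 0;
}
```

The normal-RCU reader case is included in the model only as a contrast: there the free path's own grace period already covers the reader, so the mismatch is specific to the tasks-trace-RCU caller.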

CVSS Details

Base Score 7.8
Exploitability 1.8
Impact 5.9
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
13.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 5

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥6.0 – <6.1.121
linux   linux_kernel  *        ≥6.2 – <6.6.67
linux   linux_kernel  *        ≥6.7 – <6.12.6
linux   linux_kernel  6.13     any
linux   linux_kernel  6.13     any

References 5

  • git.kernel.org https://git.kernel.org/stable/c/9245459a992d22fe0e92e988f49db1fec82c184a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9b53d2c2a38a1effc341d99be3f99fa7ef17047d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ef1b808e3b7c98612feceedf985c2fbbeb28f956
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f9f85df30118f3f4112761e6682fc60ebcce23e5
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/9245459a992d22fe0e92e988f49db1fec82c184a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9b53d2c2a38a1effc341d99be3f99fa7ef17047d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ef1b808e3b7c98612feceedf985c2fbbeb28f956
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f9f85df30118f3f4112761e6682fc60ebcce23e5
    Patch