CVE-2024-58060

HIGH EPSS 8.6%
Published Mar 6, 20251y ago · Modified Jun 17, 20262w ago
7.8 CVSS 3.1
High
Find Similar
Published Mar 6, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing There is a UAF report in the bpf_struct_ops when CONFIG_MODULES=n. In particular, the report is on tcp_congestion_ops that has a "struct module *owner" member. For struct_ops that has a "struct module *owner" member, it can be extended either by the regular kernel module or by the bpf_struct_ops. bpf_try_module_get() will be used to do the refcounting and different refcount is done based on the owner pointer. When CONFIG_MODULES=n, the btf_id of the "struct module" is missing: WARN: resolve_btfids: unresolved symbol module Thus, the bpf_try_module_get() cannot do the correct refcounting. Not all subsystem's struct_ops requires the "struct module *owner" member. e.g. the recent sched_ext_ops. This patch is to disable bpf_struct_ops registration if the struct_ops has the "struct module *" member and the "struct module" btf_id is missing. The btf_type_is_fwd() helper is moved to the btf.h header file for this test. This has happened since the beginning of bpf_struct_ops which has gone through many changes. The Fixes tag is set to a recent commit that this patch can apply cleanly. Considering CONFIG_MODULES=n is not common and the age of the issue, targeting for bpf-next also.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
8.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 2

VendorProductVersionRange
linuxlinux_kernel*≥6.9  –  <6.12.13
linuxlinux_kernel*≥6.13  –  <6.13.2

References 3

  • git.kernel.org https://git.kernel.org/stable/c/2324fb4e92092837ee278fdd8d60c48ee1a619ce
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/96ea081ed52bf077cad6d00153b6fba68e510767
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b777b14c2a4a4e2322daf8e8ffd42d2b88831b17
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/2324fb4e92092837ee278fdd8d60c48ee1a619ce
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/96ea081ed52bf077cad6d00153b6fba68e510767
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b777b14c2a4a4e2322daf8e8ffd42d2b88831b17
    Patch