Fix possible use-after-free issue on kprobe registration
CVE-2024-35955

8.8 HIGH

Key Information:

Vendor
Linux
Status
Vendor
CVE Published:
20 May 2024

Summary

A use-after-free in the Linux kernel's kprobe registration path (check_kprobe_address_safe()) can be triggered by a module unload that races with the registration. When a module is unloaded its state moves from MODULE_STATE_LIVE to MODULE_STATE_GOING and finally to MODULE_STATE_UNFORMED, and each transition takes time. is_module_text_address() and __module_text_address() resolve an address while the module is LIVE or GOING, but not once it is UNFORMED. The vulnerable code called the two helpers separately: the first check succeeded, the module became UNFORMED in between, and the second lookup returned NULL. That NULL was read as "not a module, so core kernel text", so no module reference was taken and arm_kprobe() went on to patch text that had already been freed. The fix is to stop using the two helpers separately: call __module_text_address() once and pin the returned module with try_module_get(), which only succeeds while the module is LIVE, so a module that is already going away makes the registration fail instead of touching freed memory.

For triage, note that registering a kprobe requires a privileged interface (tracefs kprobe_events, perf_event_open() kprobes or BPF kprobe programs, normally root or equivalent capabilities) and the attacker must also win a race against a module unload, so the realistic trigger is local and privileged.
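The window described above, as an added user-space model (not kernel code and not the page's own): the kernel helpers are replaced by single-module stand-ins that follow the same state rule (text resolves while LIVE or GOING, a reference can only be taken while LIVE, the unloader refuses while references are held). The names register_kprobe_racy(), register_kprobe_fixed(), arm_kprobe_model(), unload_step() and run_scenario() are assumed for this model and are not kernel symbols; the address range is constructed.

```c
/* Added example: user-space model of the check_kprobe_address_safe() race.
 * Not kernel code; helper names below are stand-ins, not kernel symbols. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum module_state { MODULE_STATE_LIVE, MODULE_STATE_GOING, MODULE_STATE_UNFORMED };

struct module {
    enum module_state state;
    unsigned long text_start, text_size;   /* constructed text range */
    int refcnt;
};

enum kp_result { KP_ARMED_OK = 0, KP_REJECTED = 1, KP_ARMED_UAF = 2 };

typedef void (*race_fn)(struct module *);

/* Stand-in for __module_text_address(): resolves while LIVE or GOING only. */
static struct module *__module_text_address(struct module *mod, unsigned long addr)
{
    bool in_text = addr >= mod->text_start && addr < mod->text_start + mod->text_size;
    if (!in_text || mod->state == MODULE_STATE_UNFORMED)
        return NULL;
    return mod;
}

static bool is_module_text_address(struct module *mod, unsigned long addr)
{
    return __module_text_address(mod, addr) != NULL;
}

/* Stand-in for try_module_get(): a reference is only granted while LIVE. */
static bool try_module_get(struct module *mod)
{
    if (mod->state != MODULE_STATE_LIVE)
        return false;
    mod->refcnt++;
    return true;
}

/* Unloader step: like delete_module(), it refuses while references are held;
 * once UNFORMED, the module text is considered freed. */
static void unload_step(struct module *mod)
{
    if (mod->refcnt == 0)
        mod->state = MODULE_STATE_UNFORMED;
}

static void no_unload(struct module *mod) { (void)mod; }

/* Patching text that belongs to an UNFORMED module is the use-after-free. */
static enum kp_result arm_kprobe_model(struct module *mod, unsigned long addr)
{
    bool in_text = addr >= mod->text_start && addr < mod->text_start + mod->text_size;
    return (in_text && mod->state == MODULE_STATE_UNFORMED) ? KP_ARMED_UAF : KP_ARMED_OK;
}

/* Pre-fix shape: two separate lookups. A NULL from the second one is read as
 * "core kernel text", no reference is taken, and arming proceeds. */
static enum kp_result register_kprobe_racy(struct module *mod, unsigned long addr, race_fn race)
{
    if (!is_module_text_address(mod, addr))
        return KP_REJECTED;                      /* -EINVAL */
    race(mod);                                   /* unloader runs in the window */
    struct module *owner = __module_text_address(mod, addr);
    if (owner && !try_module_get(owner))
        return KP_REJECTED;                      /* -ENOENT */
    return arm_kprobe_model(mod, addr);
}

/* Fixed shape: one lookup, immediately pinned with a module reference. */
static enum kp_result register_kprobe_fixed(struct module *mod, unsigned long addr, race_fn race)
{
    struct module *owner = __module_text_address(mod, addr);
    if (!owner)
        return KP_REJECTED;                      /* -EINVAL: not module text */
    if (!try_module_get(owner))
        return KP_REJECTED;                      /* -ENOENT: module not LIVE */
    race(mod);                                   /* unloader now sees refcnt > 0 */
    return arm_kprobe_model(mod, addr);
}

/* Builds the constructed module and runs one scenario. */
static enum kp_result run_scenario(bool fixed, enum module_state initial, race_fn race)
{
    struct module mod = { initial, 0xc0000000UL, 0x1000UL, 0 };
    unsigned long addr = mod.text_start + 0x10;
    return fixed ? register_kprobe_fixed(&mod, addr, race)
                 : register_kprobe_racy(&mod, addr, race);
}

int main(void)
{
    printf("racy, unload in window:  %d (2 = use-after-free)\n",
           run_scenario(false, MODULE_STATE_LIVE, unload_step));
    printf("fixed, unload in window: %d (0 = armed, reference held)\n",
           run_scenario(true, MODULE_STATE_LIVE, unload_step));
    printf("fixed, module GOING:     %d (1 = rejected)\n",
           run_scenario(true, MODULE_STATE_GOING, no_unload));
    return 0;
}
```

The point the model makes is that the second lookup in the racy path cannot distinguish "core kernel text" from "module that vanished a moment ago"; taking the reference on the result of the single lookup removes that ambiguity and blocks the unloader for as long as the text is being patched.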

Affected Version(s)

Versions are given as git commit hashes in the kernel CNA's format, introducing commit < fixing commit.

Linux 1c836bad43f3e2ff71cc397a6e6ccb4e7bd116f8

Linux 6a119c1a584aa7a2c6216458f1f272bf1bc93a93 < 93eb31e7c3399e326259f2caa17be1e821f5a412

Linux 2a49b025c36ae749cee7ccc4b7e456e02539cdc3 < 5062d1f4f07facbdade0f402d9a04a788f52e26d

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published: 20 May 2024