Memory Management Weakness in Linux Kernel's bpf Struct Operations
CVE-2024-58060

7.8HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 6 March 2025

Summary

A vulnerability in the Linux Kernel's bpf struct operations can result in improper memory management. Specifically, a Use After Free (UAF) condition arises when the configuration option CONFIG_MODULES is disabled, leading to unresolved symbols during module refcounting. This issue affects struct_ops with a 'struct module *owner' member. The registration of bpf_struct_ops is disabled when the module btf_id is missing, preventing erroneous reference counting and enhancing the overall integrity of memory management in the kernel.

Affected Version(s)

Linux 1611603537a4b88cec7993f32b70c03113801a46

Linux 1611603537a4b88cec7993f32b70c03113801a46 < 2324fb4e92092837ee278fdd8d60c48ee1a619ce

Linux 1611603537a4b88cec7993f32b70c03113801a46 < 96ea081ed52bf077cad6d00153b6fba68e510767

References

https://git.kernel.org/stable/c/b777b14c2a4a4e2322daf8e8f...

https://git.kernel.org/stable/c/2324fb4e92092837ee278fdd8...

https://git.kernel.org/stable/c/96ea081ed52bf077cad6d0015...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 6, 2025
Vulnerability Reserved
Mar 6, 2025