In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors
Uprobes always use bpf_prog_run_array_uprobe() under tasks-trace-RCU
protection. But it is possible to attach a non-sleepable BPF program to a
uprobe, and non-sleepable BPF programs are freed via normal RCU (see
__bpf_prog_put_noref()). This leads to UAF of the bpf_prog because a normal
RCU grace period does not imply a tasks-trace-RCU grace period.
Fix it by explicitly waiting for a tasks-trace-RCU grace period after
removing the attachment of a bpf_prog to a perf_event.
Metrics
Affected Vendors & Products
References
History
Mon, 06 Jan 2025 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Linux
Linux linux Kernel |
|
Weaknesses | CWE-416 | |
CPEs | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:* |
|
Vendors & Products |
Linux
Linux linux Kernel |
|
Metrics |
cvssV3_1
|
cvssV3_1
|
Sat, 28 Dec 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Fri, 27 Dec 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors Uprobes always use bpf_prog_run_array_uprobe() under tasks-trace-RCU protection. But it is possible to attach a non-sleepable BPF program to a uprobe, and non-sleepable BPF programs are freed via normal RCU (see __bpf_prog_put_noref()). This leads to UAF of the bpf_prog because a normal RCU grace period does not imply a tasks-trace-RCU grace period. Fix it by explicitly waiting for a tasks-trace-RCU grace period after removing the attachment of a bpf_prog to a perf_event. | |
Title | bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors | |
References |
|
![cve-icon](/static/img/cve-icon.png)
Status: PUBLISHED
Assigner: Linux
Published: 2024-12-27T15:06:36.183Z
Updated: 2024-12-27T15:06:36.183Z
Reserved: 2024-12-27T15:00:39.845Z
Link: CVE-2024-56675
![cve-icon](/static/img/cisa-icon.png)
No data.
![cve-icon](/static/img/nvd-icon.png)
Status : Analyzed
Published: 2024-12-27T15:15:27.420
Modified: 2025-01-06T15:03:31.087
Link: CVE-2024-56675
![cve-icon](/static/img/redhat-icon.png)