Mikel Rychliski

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.11.0-rc7+ Description: The issue is related to the tracing/probes functionality in the Linux kernel. When creating a trace probe, the kernel would set nr args prior to truncating the arguments to MAX TRACE ARGS, but only initialize arguments up to the limit. This caused invalid memory access when attempting to set up probes with more than 128 fetchargs, resulting in a kernel NULL pointer dereference. The problem is resolved by applying the MAX TRACE ARGS limit earlier and returning an error when there are too many arguments instead of silently truncating. Recommendations: For Linux kernel versions prior to 6.11.0-rc7+, apply the MAX TRACE ARGS limit earlier and return an error when there are too many arguments instead of silently truncating. As a temporary workaround, consider restricting the use of the tracing/probes functionality to minimize the risk of exploitation.