Linux · Linux Kernel · CVE-2024-57934
The Linux kernel has resolved a NULL Pointer Dereference issue in its fgraph component.
The problem occurred in the ftrace_return_to_handler() function, where a loop iterates over the fgraph_array[] elements and checks each one against fgraph_stub.
If the compiler reloads fgraph_array[] after that check, the second load may race with an update that introduces a fgraph_stub, so the stub is processed anyway, resulting in a NULL pointer dereference.
To fix this, a READ_ONCE() has been added when accessing fgraph_array[], so that the gops compared against fgraph_stub is the same gops that is processed afterward.
No exploit for this issue is publicly available. A similar patch can be found in commit 63a8dfb.
The vulnerable software is the Linux kernel, but the specific versions are not mentioned.
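The check-then-reload pattern described above, as an added userspace example (not kernel code and not part of the original advisory). The names struct gops, cfg, writer_window(), race_slot and reset() are hypothetical, and the concurrent update is simulated in a single thread by a call placed between the check and the use.

```c
#include <stddef.h>
/* Userspace stand-in for the kernel macro: force exactly one load. */
#define READ_ONCE(x) (*(const volatile __typeof__(x) *)&(x))
#define SLOTS 4
/* Simplified model (assumption): only the stub has a NULL cfg pointer. */
struct gops { const int *cfg; };
static const int cfg_a = 7;
static struct gops fgraph_stub = { NULL }, real_gops = { &cfg_a };
static struct gops *fgraph_array[SLOTS];
static int race_slot;

/* Constructed race: a writer swaps slot i to the stub between check and use. */
static void writer_window(int i) {
    if (i == race_slot)
        fgraph_array[i] = &fgraph_stub;
}
static void reset(int race) {
    for (int i = 0; i < SLOTS; i++)
        fgraph_array[i] = (i == 1) ? &real_gops : &fgraph_stub;
    race_slot = race;
}
/* Two loads, as a compiler may emit without READ_ONCE(); -1 = NULL deref. */
static int walk_reloaded(int race) {
    int sum = 0;
    reset(race);
    for (int i = 0; i < SLOTS; i++) {
        if (fgraph_array[i] == &fgraph_stub)    /* load 1: check */
            continue;
        writer_window(i);
        if (!fgraph_array[i]->cfg)              /* load 2: use */
            return -1;
        sum += *fgraph_array[i]->cfg;
    }
    return sum;
}
/* One load: the pointer that passed the check is the pointer used. */
static int walk_read_once(int race) {
    int sum = 0;
    reset(race);
    for (int i = 0; i < SLOTS; i++) {
        struct gops *gops = READ_ONCE(fgraph_array[i]);
        if (gops == &fgraph_stub)
            continue;
        writer_window(i);
        sum += *gops->cfg;
    }
    return sum;
}
int main(void) { return !(walk_reloaded(1) == -1 && walk_read_once(1) == 7); }
```

Passing -1 as the race slot disables the simulated writer, in which case both walks return the same sum.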
#LinuxKernel #NULLPointerDereference #fgraph #READ_ONCE #functiongraph