PT-2024-10511 · Linux+5 · Linux Kernel+5

Published

2024-07-12

·

Updated

2025-02-03

·

CVE-2024-41004

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.9.0
Description The vulnerability is related to the tracing component in the Linux kernel. It causes kprobe event self-test failure when the kprobes and synth event generation test modules are built as built-in, rather than modules. This is because these modules are designed to add events and lock event file references in the module init function, and unlock and delete them in the module exit function. When built-in, these events are left locked in the kernel and never removed, leading to the failure.
Recommendations To resolve the issue, build the event generation tests only as modules, rather than built-in. This will ensure that the events are properly locked and unlocked, and the kprobe event self-test failure is avoided.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-667

Related Identifiers

BDU:2025-01062
CVE-2024-41004
DLA-4008-1
DSA-5730-1
DSA-5731-1
OESA-2024-1894
OESA-2024-1896
OESA-2024-1897
OPENSUSE-SU-2024_2947-1
SUSE-SU-2024:2894-1
SUSE-SU-2024:2939-1
SUSE-SU-2024:2947-1
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3383-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
USN-6999-1
USN-6999-2
USN-7004-1
USN-7005-1
USN-7005-2
USN-7007-1
USN-7007-2
USN-7007-3
USN-7008-1
USN-7009-1
USN-7009-2
USN-7019-1
USN-7029-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu