CVE-2024-26906

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.7.0+ #58

Description A vulnerability in the Linux kernel has been resolved, where a bpf program using bpf probe read kernel() to read from the vsyscall page invokes copy from kernel nofault(), which in turn calls get user asm(). This triggers a page fault exception because the vsyscall page address is not readable from kernel space. The handle page fault() function considers the vsyscall page address as a user space address instead of a kernel space address, resulting in the fix-up setup by bpf not being applied and a page fault oops() being invoked due to SMAP.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, for Linux kernel version 6.7.0+, ensure you are running a version later than #58. If you are using an earlier version, consider upgrading to a newer version to mitigate the risk. As a temporary workaround, consider restricting the use of bpf probe read kernel() to minimize the risk of exploitation.