PT-2024-26763 · Linux+5 · Linux Kernel+5

Published

2024-03-28

·

Updated

2026-03-13

·

CVE-2024-35860

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A vulnerability in the Linux kernel has been resolved by adding support to defer bpf link dealloc to after RCU grace period. BPF link for some program types is passed as a "context" which can be used by those BPF programs to look up additional information, such as multi-kprobes and multi-uprobes, which use the link to fetch BPF cookie values. The patch adds generic support to defer bpf link dealloc callback to after RCU GP, if requested, by exposing two different deallocation callbacks, one synchronous and one deferred. BPF is using two flavors of RCU: "classic" non-sleepable one and RCU tasks trace one.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Resource Release

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-404CWE-476

Related Identifiers

BDU:2026-04385
CVE-2024-35860
ECHO-B762-927A-8B3A
SUSE-SU-2024:2008-1
SUSE-SU-2024:2019-1
SUSE-SU-2024:2135-1
SUSE-SU-2024:2190-1
SUSE-SU-2024:2203-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
USN-6893-1
USN-6893-2
USN-6893-3
USN-6918-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Suse
Ubuntu