PT-2024-29225 · Linux+6 · Linux Kernel+6
Published: 2024-07-09 · Updated: 2026-05-26
CVE-2024-41045
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is in the bpf_timer_cancel_and_free() function in the Linux kernel, where two timer callbacks trying to cancel each other can deadlock. This can be invoked through bpf_map_update_elem(), specifically when freeing map elements that contain timers. The deadlock can be fixed by using hrtimer_try_to_cancel(), as the timer cannot be enqueued after async_cancel_and_free. However, there is a use-after-free (UAF) scenario in which the callback arms the timer before entering this function: if cancellation then fails, expiry of the RCU grace period can free the bpf_hrtimer state and, with it, the struct hrtimer. To resolve this, bpf_timer_cancel_and_free() is modified to defer the work to the global workqueue, adding a work_struct alongside the rcu_head.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Use After Free
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Suse
Ubuntu