CVE-2024-44959

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.50

Description The Linux kernel has a vulnerability in the tracefs module, where the use of generic inode RCU for synchronizing freeing can cause a list del corruption when running the ftrace selftests. This can lead to a kernel BUG and an invalid opcode error. The vulnerability is caused by the overlapping of RCU-used or initialized-only-once members in the struct inode, such as i lru or i sb list, when structure layout randomization is enabled.

Recommendations To resolve this issue, update the Linux kernel to version 6.6.50 or later. If updating is not possible, consider disabling the tracefs module or restricting its use to minimize the risk of exploitation. Additionally, ensure that any kernel modules that interact with the tracefs module are updated and configured correctly.