CVE-2024-46785

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.52

Description A null pointer accessing vulnerability was found in the Linux kernel's eventfs. The issue occurs when the variable 'ei child' is set to LIST POISON1, indicating that the list was removed in eventfs remove rec, and then an attempt is made to access ei child->is freed, resulting in a panic. This vulnerability can be reproduced using a specific script that involves echoing commands to /sys/kernel/debug/tracing/kprobe events and running a tree command on /sys/kernel/debug/tracing/events/kprobes/. The vulnerability is related to the use of list del rcu() for SRCU protected list variables.

Recommendations To resolve this issue, update the Linux kernel to version 6.6.52 or later. As a temporary workaround, consider disabling the eventfs iterate function until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the variable 'ei child' in the affected API endpoint until the issue is resolved.