PT-2024-34028 · Linux · Linux Kernel
Published 2024-11-07 · Updated 2025-10-03
CVE-2024-50194 · CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.11.4
Description:
The Linux kernel has a bug in the arm64 uprobes code on big-endian kernels. An arm64 instruction is always stored in memory in little-endian byte order, but the uprobes code did not convert that in-memory encoding to the kernel's native endianness before analyzing and simulating it. On a big-endian kernel the instruction word is therefore byte-swapped, which can cause the kernel to reject probing of safe instructions, to permit single-stepping of unsafe instructions, and to simulate instructions incorrectly. The mismatch was not caught by the compiler or by sparse because the affected fields were declared as arrays of u8 and filled with memcpy(), so no endianness annotation was ever checked. The fix changes the affected fields to __le32 and adds the appropriate le32_to_cpu() conversions before the encoding is analyzed or simulated.
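The defect described above is easiest to see in isolation. The following added example is not kernel code and not part of this advisory; it simulates how a raw memcpy() of a little-endian instruction encoding into a host-order 32-bit word produces a byte-swapped value on a big-endian host, while an explicit little-endian load (the user-space equivalent of le32_to_cpu()) yields the correct encoding on either host. The instruction encodings for NOP (0xD503201F) and RET (0xD65F03C0) are real arm64 encodings; the classify() helper and the byte arrays are constructed for illustration only.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* arm64 NOP, as it sits in memory: always little-endian byte order. */
const uint8_t NOP_LE_BYTES[4] = {0x1F, 0x20, 0x03, 0xD5};
/* arm64 RET, as it sits in memory (constructed sample input). */
const uint8_t RET_LE_BYTES[4] = {0xC0, 0x03, 0x5F, 0xD6};

/* Detect the endianness of the host this program actually runs on. */
bool host_is_big_endian(void)
{
    const uint16_t probe = 0x0102;
    uint8_t first;
    memcpy(&first, &probe, 1);
    return first == 0x01;
}

/*
 * Simulates what "memcpy(&insn, bytes, 4)" yields on a host of the given
 * endianness. This is the buggy pattern: the bytes are reinterpreted in
 * host order, so a big-endian host sees a byte-swapped instruction.
 */
uint32_t load_native(const uint8_t b[4], bool big_endian_host)
{
    if (big_endian_host)
        return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
               ((uint32_t)b[2] << 8)  |  (uint32_t)b[3];
    return  (uint32_t)b[0]        | ((uint32_t)b[1] << 8) |
           ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
}

/*
 * The corrected pattern: an explicit little-endian load, independent of
 * host byte order. This is what le32_to_cpu() on a __le32 field achieves.
 */
uint32_t load_le32(const uint8_t b[4])
{
    return  (uint32_t)b[0]        | ((uint32_t)b[1] << 8) |
           ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
}

/* Toy classifier standing in for instruction analysis (hypothetical). */
const char *classify(uint32_t insn)
{
    if (insn == 0xD503201Fu)
        return "nop";
    if (insn == 0xD65F03C0u)
        return "ret";
    return "unknown";
}

int main(void)
{
    bool be_hosts[2] = {false, true};
    for (int i = 0; i < 2; i++) {
        bool be = be_hosts[i];
        uint32_t buggy = load_native(NOP_LE_BYTES, be);
        uint32_t fixed = load_le32(NOP_LE_BYTES);
        printf("%s host: memcpy -> 0x%08X (%s), le32 load -> 0x%08X (%s)\n",
               be ? "big-endian" : "little-endian",
               buggy, classify(buggy), fixed, classify(fixed));
    }
    printf("this program runs on a %s host\n",
           host_is_big_endian() ? "big-endian" : "little-endian");
    return 0;
}
```

On a little-endian host both loads agree, which is why the bug went unnoticed there; only the simulated big-endian path shows the NOP encoding turning into an unrecognized word, the same way the kernel misclassified instructions before the fields were annotated as __le32.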
Recommendations:
To resolve the issue, upgrade the Linux kernel to a version newer than 6.11.4. As a temporary workaround, consider disabling the use of arm64 uprobes on big-endian kernels until a patched kernel is available. Restrict access to the tracefs uprobe_events file and the events/uprobes/enable control to minimize the risk of exploitation. Avoid relying on the uprobe_opcode_t type and the arch_uprobe_analyze_insn() and arch_uprobe_skip_sstep() functions on big-endian kernels until the issue is resolved.
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu