PT-2024-36975 · Linux+5 · Linux Kernel+5

Syzbot · Published 2024-12-08 · Updated 2026-05-26 · CVE-2024-56665

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.74

Description

The issue is an invalid access to prog_array in perf_event_detach_bpf_prog. A crash occurs when a tracepoint perf event with attr.inherit=1 is created, attached to a process, and a bpf program is set to it. When the attached process forks, the new child event shares the parent's bpf program and tp_event, which is global for the tracepoint. When both the process and its child exit, the first perf_event_detach_bpf_prog call releases tp_event->prog_array, and the second call crashes because tp_event->prog_array is NULL. The fix makes perf_event_detach_bpf_prog check that prog_array is valid before attempting to remove the bpf program from it.

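The sequence in the description, as a user-space C model added here (not kernel code and not part of the original advisory). The struct names mirror the description; model_detach, run_scenario, the result enum and program id 7 are constructed for illustration, and where the pre-fix logic would read through a NULL prog_array the model returns DETACH_NULL_DEREF instead of crashing.

```c
#include <stdio.h>
#include <stdlib.h>

/* User-space model of the state in the description; not kernel code. */
struct prog_array { int prog_id; };                    /* one attached program */
struct tp_event   { struct prog_array *prog_array; };  /* global per tracepoint */
struct perf_event { struct tp_event *tp_event; int prog_id; }; /* 0 = none */

enum detach_result { DETACH_OK, DETACH_NOTHING, DETACH_NULL_DEREF };

/* Model of the detach path. check_array=0 is the pre-fix logic, 1 the fixed
 * logic. A NULL array on the pre-fix path is reported, not dereferenced. */
enum detach_result model_detach(struct perf_event *ev, int check_array)
{
    struct prog_array *old;

    if (!ev->prog_id)
        return DETACH_NOTHING;
    old = ev->tp_event->prog_array;
    if (!old) {
        if (!check_array)
            return DETACH_NULL_DEREF;   /* the kernel would crash here */
        ev->prog_id = 0;                /* fixed: skip removal, drop the prog */
        return DETACH_OK;
    }
    if (old->prog_id == ev->prog_id) {  /* last entry removed: array released */
        free(old);
        ev->tp_event->prog_array = NULL;
    }
    ev->prog_id = 0;
    return DETACH_OK;
}

/* Parent event plus inherited child sharing one tp_event and one program;
 * both exit, parent first. Returns the result of the child's detach. */
enum detach_result run_scenario(int check_array)
{
    struct tp_event tp = { malloc(sizeof(struct prog_array)) };
    struct perf_event parent = { &tp, 7 }, child = { &tp, 7 };

    if (!tp.prog_array) return DETACH_NOTHING;
    tp.prog_array->prog_id = 7;          /* constructed program id */
    if (model_detach(&parent, check_array) != DETACH_OK) return DETACH_NOTHING;
    return model_detach(&child, check_array);
}

int main(void)
{
    printf("pre-fix child detach: %d\n", run_scenario(0));
    printf("fixed child detach:   %d\n", run_scenario(1));
    return 0;
}
```
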
Recommendations

To resolve the issue, update the Linux kernel to version 6.6.74 or later. As a temporary workaround, consider disabling the perf_event_detach_bpf_prog function until a patch is available. Restrict access to the vulnerable tp_event module to minimize the risk of exploitation. Avoid using the prog_array variable in the affected perf_event_detach_bpf_prog function until the issue is resolved.

Weakness Enumeration

Improper Resource Release

Related Identifiers

ALT-PU-2024-17881
ALT-PU-2025-3496
AZL-54770
AZL-55306
BDU:2025-07855
CVE-2024-56665
DLA-4076-1
MGASA-2025-0030
MGASA-2025-0032
OESA-2025-1032
OESA-2025-1036
OPENSUSE-SU-2025_0428-1
OPENSUSE-SU-2025_0499-1
OPENSUSE-SU-2025_0557-1
SUSE-SU-2025:0428-1
SUSE-SU-2025:0499-1
SUSE-SU-2025:0557-1
SUSE-SU-2025:0564-1
SUSE-SU-2025:20165-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20248-1
SUSE-SU-2025:20249-1
SUSE-SU-2025_0428-1
SUSE-SU-2025_0499-1
SUSE-SU-2025_0557-1
USN-7379-1
USN-7379-2
USN-7380-1
USN-7381-1
USN-7382-1
USN-7513-1
USN-7513-2
USN-7513-3
USN-7513-4
USN-7513-5
USN-7514-1
USN-7515-1
USN-7515-2
USN-7522-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Suse
Ubuntu