PT-2024-37013 · Linux+4 · Linux Kernel+4
Juri Lelli · Published 2024-11-04 · Updated 2026-04-20 · CVE-2024-56702
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
Raw tracepoint arguments can be NULL at runtime, but the verifier assumes they are never NULL. Because of this discrepancy, explicit NULL checks are deleted, and accesses to such pointers can crash the kernel. The issue arises because arguments to a raw tracepoint are tagged as trusted, which implies the pointer is non-NULL. However, in certain cases a raw tracepoint argument may end up being NULL. To fix this, raw tracepoint arguments are marked as PTR_MAYBE_NULL, and dereference and pointer arithmetic on them are special-cased so that they remain permitted. This change allows safe dereference and enables PROBE_MEM marking when loads into trusted pointers with PTR_MAYBE_NULL are detected.
Recommendations
To resolve the issue, update the Linux kernel to a version that includes the fix for marking raw_tp arguments as PTR_MAYBE_NULL. As a temporary workaround, consider disabling the use of raw tracepoint arguments until a patch is available. Restrict access to the vulnerable bpf module to minimize the risk of exploitation. Avoid using the PTR_TO_BTF_ID parameter in affected API endpoints until the issue is resolved. Apply the necessary configuration changes to ensure safe dereference of raw tracepoint arguments.
Exploit
Fix
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Linuxmint
Linux Kernel
Suse
Ubuntu