PT-2024-3836 · Linux+5 · Linux Kernel+5

Zheng Yejian · Published 2024-04-10 · Updated 2025-03-28 · CVE-2024-35955

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The issue is a possible use-after-free in the kprobes registration path of the Linux kernel. When a module is unloaded, its state changes. If is_module_text_address() and __module_text_address() are used separately, there is a chance that the first call succeeds but the next one fails because the module's state becomes MODULE_STATE_UNFORMED between these operations. In the check_kprobe_address_safe() function, a failure of the second __module_text_address() call is ignored because the function expected a kernel text address, but the call may have failed simply because the module's state has been changed to MODULE_STATE_UNFORMED. This can cause arm_kprobe() to try to modify a non-existent module text address, resulting in a use-after-free issue.
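
The check-then-lookup race described above, reduced to a deterministic userspace model. This is an added example, not kernel code and not the upstream patch: the `model_*` helpers, the address ranges and the `unload_after` switch are constructed stand-ins, and `check_one_lookup()` shows one ordering that cannot accept a module address without its module.

```c
#include <errno.h>
#include <stddef.h>

/* Constructed userspace model: one module with text at [0x1000, 0x2000). */
enum mod_state { MOD_LIVE, MOD_GOING, MOD_UNFORMED };
struct module { enum mod_state state; unsigned long base, size; };
static struct module demo_mod = { MOD_LIVE, 0x1000, 0x1000 };
static int unload_after = -1; /* lookups left before the simulated unload */

/* Stand-in for __module_text_address(): UNFORMED modules are invisible. */
static struct module *model_module_text_address(unsigned long addr)
{
    struct module *m = NULL;
    if (demo_mod.state != MOD_UNFORMED &&
        addr >= demo_mod.base && addr < demo_mod.base + demo_mod.size)
        m = &demo_mod;
    if (unload_after > 0 && --unload_after == 0)
        demo_mod.state = MOD_UNFORMED; /* concurrent unload finishes here */
    return m;
}
/* Constructed core-kernel text range, far away from the module. */
static int model_core_kernel_text(unsigned long addr) { return addr >= 0x100000; }

/* Pattern from the description: two independent lookups. */
static int check_two_lookups(unsigned long addr, struct module **mod)
{
    if (!model_core_kernel_text(addr) && !model_module_text_address(addr))
        return -EINVAL;
    *mod = model_module_text_address(addr); /* NULL is read as "core kernel" */
    return 0;
}

/* One lookup: a non-core address with no module behind it is rejected. */
static int check_one_lookup(unsigned long addr, struct module **mod)
{
    *mod = NULL;
    if (model_core_kernel_text(addr)) return 0;
    *mod = model_module_text_address(addr);
    return *mod ? 0 : -EINVAL;
}

/* Returns 1 if a module address was accepted with no module left to pin. */
static int accepts_unpinned(int (*check)(unsigned long, struct module **))
{
    struct module *mod = NULL;
    demo_mod.state = MOD_LIVE;
    unload_after = 1; /* unload lands right after the first lookup */
    return check(0x1800, &mod) == 0 && mod == NULL;
}
/* Exit status 0 when the model behaves as described. */
int main(void) { return !(accepts_unpinned(check_two_lookups) && !accepts_unpinned(check_one_lookup)); }
```
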
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free


Weakness Enumeration

Related Identifiers

AZL-47642
AZL-47673
BDU:2024-04216
CVE-2024-35955
DLA-3840-1
DLA-3842-1
OESA-2024-1765
OESA-2024-1796
OESA-2024-2256
SUSE-SU-2024:1979-1
SUSE-SU-2024:1983-1
SUSE-SU-2024:2008-1
SUSE-SU-2024:2019-1
SUSE-SU-2024:2135-1
SUSE-SU-2024:2184-1
SUSE-SU-2024:2190-1
SUSE-SU-2024:2203-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20249-1
USN-6893-1
USN-6893-2
USN-6893-3
USN-6896-1
USN-6896-2
USN-6896-3
USN-6896-4
USN-6896-5
USN-6898-1
USN-6898-2
USN-6898-3
USN-6898-4
USN-6917-1
USN-6918-1
USN-6919-1
USN-6927-1
USN-6972-1
USN-6972-2
USN-6972-3
USN-6972-4
USN-7019-1

Affected Products

Astra Linux
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu