PT-2024-7050 · Linux+7 · Linux Kernel+7
Zheng Yejian
·
Published
2024-05-14
·
Updated
2025-09-29
·
CVE-2024-38588
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.37
Description
The issue is related to a possible use-after-free problem in the
ftrace location() function. This occurs because the lookup rec() function searches for an ftrace record of some address in ftrace pages of a module, while at the same time, those ftrace pages are being freed in ftrace release mod() as the corresponding module is being deleted. This can lead to a situation where the same memory location is accessed after it has been freed, potentially causing unexpected behavior or crashes. The root cause of this problem is a race condition between the register kprobes() and delete module() functions.Recommendations
To fix this issue, the following steps can be taken:
- Hold the rcu lock when accessing ftrace pages in
ftrace location range(). - Use
ftrace location range()instead oflookup rec()inftrace location(). - Call
synchronize rcu()before freeing any ftrace pages inftrace process locs(),ftrace release mod(), andftrace free mem(). Update the Linux kernel to version 6.6.37 or later to resolve this issue.
Exploit
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu