CVE-2024-47675

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.58

Description The issue is related to a use-after-free vulnerability in the bpf uprobe multi link attach() function. If bpf link prime() fails, bpf uprobe multi link attach() frees the array of bpf uprobes without calling bpf uprobe unregister(), leading to a leak of bpf uprobe->uprobe and freeing bpf uprobe->consumer without removing it from the uprobe->consumers list. This vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider disabling the bpf uprobe multi link attach() function until a patch is available. Restrict access to the vulnerable bpf trace.c module to minimize the risk of exploitation. Avoid using the bpf uprobe parameter in the affected API endpoints until the issue is resolved.