CVE-2022-49779

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.0-rc4

Description A vulnerability has been resolved in the Linux kernel related to kprobes. The issue occurs when the post handler of an aggrprobe is cleared in the unregister kprobe top() function, but the aggrprobe is still armed with kprobe ipmodify ops. This can trigger a warning in disarm kprobe ftrace() and potentially cause a use-after-free error. The problem arises when a ftrace-based probe is unregistered, and the post handler is cleared, but later calls to disarm kprobe() use kprobe ftrace ops because the post handler is NULL.

Recommendations For Linux kernel versions prior to 6.1.0-rc4, consider updating to a newer version that includes the fix for this issue. As a temporary workaround, avoid using the kprobe-on-ftrace feature until the issue is resolved. Additionally, be cautious when unregistering kprobes to prevent potential use-after-free errors.