PT-2025-3333 · Linux · Linux Kernel

Published 2024-11-01 · Updated 2026-05-26 · CVE-2024-56786

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.74

Description

A vulnerability in the Linux kernel related to BPF links has been fixed. The BPF link's program could be freed before the BPF link itself, leading to a use-after-free. This occurred because the BPF program was put early, before waiting for RCU grace periods (GPs) to elapse. The patch defers bpf_prog_put() until the BPF link is ready to be deallocated. This can delay freeing of the BPF program by one extra RCU GP, which is considered acceptable. The vulnerability involves the bpf_link and bpf_prog structures and the bpf_prog_put() and bpf_link_dealloc() functions.

Recommendations

For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to fix the vulnerability. As a temporary workaround, consider disabling the BPF link functionality until a patch is available. Restrict access to the bpf_prog structure to minimize the risk of exploitation. Avoid using the bpf_prog_put() function until the issue is resolved.

Fix

DoS

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2025:20518
ALT-PU-2024-17881
ALT-PU-2024-17897
BDU:2025-15365
CVE-2024-56786
ECHO-9C6E-32D2-0AE1
INFSA-2025_20518
MGASA-2025-0030
MGASA-2025-0032
RHSA-2025:20518
RHSA-2025_20518
USN-7379-1
USN-7379-2
USN-7380-1
USN-7381-1
USN-7382-1
USN-7449-1
USN-7449-2
USN-7450-1
USN-7451-1
USN-7452-1
USN-7453-1
USN-7468-1
USN-7523-1
USN-7524-1

Affected Products

ALT Linux
AlmaLinux
Debian
Linux Mint
Linux Kernel
Red Hat
Rocky Linux
Ubuntu