CVE-2024-56665
Published: Dec 27, 2024
Modified: May 23, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog Syzbot reported [1] crash that happens for following tracing scenario: - create tracepoint perf event with attr.inherit=1, attach it to the process and set bpf program to it - attached process forks -> chid creates inherited event the new child event shares the parent's bpf program and tp_event (hence prog_array) which is global for tracepoint - exit both process and its child -> release both events - first perf_event_detach_bpf_prog call will release tp_event->prog_array and second perf_event_detach_bpf_prog will crash, because tp_event->prog_array is NULL The fix makes sure the perf_event_detach_bpf_prog checks prog_array is valid before it tries to remove the bpf program from it. [1] https://lore.kernel.org/bpf/Z1MR6dCIKajNS6nU@krava/T/#m91dbf0688221ec7a7fc95e896a7ef9ff93b0b8ad
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 7a5c653ede645693422e43cccaa3e8f905d21c74 - < 842e5af282453983586e2eae3c8eaf252de5f22faffected 21db2f35fa97e4a3447f2edeb7b2569a8bfdc83b - < c2b6b47662d5f2dfce92e5ffbdcac8229f321d9daffected 0ee288e69d033850bc87abe0f9cc3ada24763d7f - < dfb15ddf3b65e0df2129f9756d1b4fa78055cdb3affected 0ee288e69d033850bc87abe0f9cc3ada24763d7f - < 978c4486cca5c7b9253d3ab98a88c8e769cb9bbdaffected b4007d5fe38625b8a1b8edc0f385d86527651238+5 more versions |
Linux | Linux | affected 6.12unaffected 0 - < 6.12unaffected 6.1.121 - <= 6.1.*unaffected 6.6.67 - <= 6.6.*unaffected 6.12.6 - <= 6.12.*+1 more versions |
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now