CVE-2024-57934

Published: Jan 21, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: fgraph: Add READ_ONCE() when accessing fgraph_array[] In __ftrace_return_to_handler(), a loop iterates over the fgraph_array[] elements, which are fgraph_ops. The loop checks if an element is a fgraph_stub to prevent using a fgraph_stub afterward. However, if the compiler reloads fgraph_array[] after this check, it might race with an update to fgraph_array[] that introduces a fgraph_stub. This could result in the stub being processed, but the stub contains a null "func_hash" field, leading to a NULL pointer dereference. To ensure that the gops compared against the fgraph_stub matches the gops processed later, add a READ_ONCE(). A similar patch appears in commit 63a8dfb ("function_graph: Add READ_ONCE() when accessing fgraph_array[]").

Vendor	Product	Versions
Linux	Linux	affected `37238abe3cb47b8daaa8706c9949f67b2a705cf1 - < b68b2a3fbacc7be720ef589d489bcacdd05c6d38` affected `37238abe3cb47b8daaa8706c9949f67b2a705cf1 - < d65474033740ded0a4fe9a097fce72328655b41d`
Linux	Linux	affected `6.11` unaffected `0 - < 6.11` unaffected `6.12.9 - <= 6.12.` unaffected `6.13 - <= `

References

https://git.kernel.org/stable/c/b68b2a3fbacc7be720ef589d489bcacdd05c6d38

https://git.kernel.org/stable/c/d65474033740ded0a4fe9a097fce72328655b41d

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-57934

Description

Affected Products

References