CVE - CVE-2024-38588

CVE-ID
CVE-2024-38588	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix possible use-after-free issue in ftrace_location() KASAN reports a bug: BUG: KASAN: use-after-free in ftrace_location+0x90/0x120 Read of size 8 at addr ffff888141d40010 by task insmod/424 CPU: 8 PID: 424 Comm: insmod Tainted: G W 6.9.0-rc2+ [...] Call Trace: <TASK> dump_stack_lvl+0x68/0xa0 print_report+0xcf/0x610 kasan_report+0xb5/0xe0 ftrace_location+0x90/0x120 register_kprobe+0x14b/0xa40 kprobe_init+0x2d/0xff0 [kprobe_example] do_one_initcall+0x8f/0x2d0 do_init_module+0x13a/0x3c0 load_module+0x3082/0x33d0 init_module_from_file+0xd2/0x130 __x64_sys_finit_module+0x306/0x440 do_syscall_64+0x68/0x140 entry_SYSCALL_64_after_hwframe+0x71/0x79 The root cause is that, in lookup_rec(), ftrace record of some address is being searched in ftrace pages of some module, but those ftrace pages at the same time is being freed in ftrace_release_mod() as the corresponding module is being deleted: CPU1 \| CPU2 register_kprobes() { \| delete_module() { check_kprobe_address_safe() { \| arch_check_ftrace_location() { \| ftrace_location() { \| lookup_rec() // USE! \| ftrace_release_mod() // Free! To fix this issue: 1. Hold rcu lock as accessing ftrace pages in ftrace_location_range(); 2. Use ftrace_location_range() instead of lookup_rec() in ftrace_location(); 3. Call synchronize_rcu() before freeing any ftrace pages both in ftrace_process_locs()/ftrace_release_mod()/ftrace_free_mem().
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/31310e373f4c8c74e029d4326b283e757edabc0b URL:https://git.kernel.org/stable/c/31310e373f4c8c74e029d4326b283e757edabc0b MISC:https://git.kernel.org/stable/c/66df065b3106964e667b37bf8f7e55ec69d0c1f6 URL:https://git.kernel.org/stable/c/66df065b3106964e667b37bf8f7e55ec69d0c1f6 MISC:https://git.kernel.org/stable/c/7b4881da5b19f65709f5c18c1a4d8caa2e496461 URL:https://git.kernel.org/stable/c/7b4881da5b19f65709f5c18c1a4d8caa2e496461 MISC:https://git.kernel.org/stable/c/8ea8ef5e42173560ac510e92a1cc797ffeea8831 URL:https://git.kernel.org/stable/c/8ea8ef5e42173560ac510e92a1cc797ffeea8831 MISC:https://git.kernel.org/stable/c/dbff5f0bfb2416b8b55c105ddbcd4f885e98fada URL:https://git.kernel.org/stable/c/dbff5f0bfb2416b8b55c105ddbcd4f885e98fada MISC:https://git.kernel.org/stable/c/e60b613df8b6253def41215402f72986fee3fc8d URL:https://git.kernel.org/stable/c/e60b613df8b6253def41215402f72986fee3fc8d
Assigning CNA
kernel.org
Date Record Created
20240618	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240618)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)