CVE-2024-35955

Updated:

Description:

In the Linux kernel, the following vulnerability has been resolved: kprobes: Fix possible use-after-free issue on kprobe registration When unloading a module, its state is changing MODULE_STATE_LIVE -> MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will take a time. `is_module_text_address()` and `__module_text_address()` works with MODULE_STATE_LIVE and MODULE_STATE_GOING. If we use `is_module_text_address()` and `__module_text_address()` separately, there is a chance that the first one is succeeded but the next one is failed because module->state becomes MODULE_STATE_UNFORMED between those operations. In `check_kprobe_address_safe()`, if the second `__module_text_address()` is failed, that is ignored because it expected a kernel_text address. But it may have failed simply because module->state has been changed to MODULE_STATE_UNFORMED. In this case, arm_kprobe() will try to modify non-exist module text address (use-after-free). To fix this problem, we should not use separated `is_module_text_address()` and `__module_text_address()`, but use only `__module_text_address()` once and do `try_module_get(module)` which is only available with MODULE_STATE_LIVE.

CVSS3: 8.8


Vendor State

OS Vendor version Errata
Debian 10 4.19.316-1 DLA-3840-1
Debian 10 cloud 4.19.316-1 DLA-3840-1
Ubuntu 20.04 5.4.0-189.209 USN-6896-1
Ubuntu 20.04 AWS 5.4.0-1128.138 USN-6896-5
Ubuntu 20.04 Azure 5.4.0-1133.140 USN-6896-1
Ubuntu 16.04 HWE ESM 4.15.0-228.240~16.04.1 USN-6972-1
Ubuntu 16.04 AWS HWE ESM 4.15.0-1172.185~16.04.1 USN-6972-2
Ubuntu 16.04 Azure ESM 4.15.0-1180.195~16.04.1 USN-6972-3
Debian 11 5.10.216-1 DSA-5681-1
Ubuntu 22.04 5.15.0-116.126 USN-6898-1
Ubuntu 22.04 AWS 5.15.0-1065.71 USN-6898-3
Ubuntu 22.04 Azure 5.15.0-1068.77 USN-6917-1
Ubuntu 20.04 HWE Azure 5.15.0-1068.77~20.04.1 USN-6917-1
Ubuntu 20.04 GCP 5.4.0-1132.141 USN-6896-1
Ubuntu 24.04 6.8.0-38.38 USN-6893-1

KernelCare State

OS Original kernel version State
Debian 10
Planned
Debian 10 cloud
Planned
Ubuntu 20.04
In Progress
Ubuntu 20.04 AWS
Planned
Ubuntu 20.04 Azure
In Progress
Ubuntu 16.04 HWE ESM
Planned
Ubuntu 16.04 AWS HWE ESM
Planned
Ubuntu 16.04 Azure ESM
Planned
Debian 11
Planned
Ubuntu 22.04
Ready For Release
Ubuntu 22.04 AWS
Planned
Ubuntu 22.04 Azure
Planned
Ubuntu 20.04 HWE Azure
Planned
Ubuntu 20.04 GCP
In Progress
Ubuntu 24.04
Planned