CVE-2024-47675

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-47675
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47675.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-47675
Downstream
Related
Published
2024-10-21T11:53:19.762Z
Modified
2025-11-16T04:41:10.218264Z
Summary
bpf: Fix use-after-free in bpf_uprobe_multi_link_attach()
Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix use-after-free in bpfuprobemultilinkattach()

If bpflinkprime() fails, bpfuprobemultilinkattach() goes to the errorfree label and frees the array of bpfuprobe's without calling bpfuprobeunregister().

This leaks bpfuprobe->uprobe and worse, this frees bpfuprobe->consumer without removing it from the uprobe->consumers list.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
89ae89f53d201143560f1e9ed4bfa62eee34f88e
Fixed
790c630ab0e7d7aba6d186581d4627c09fce60f3
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
89ae89f53d201143560f1e9ed4bfa62eee34f88e
Fixed
7c1d782e5afbf7c50ba74ecc4ddc18a05d63e5ee
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
89ae89f53d201143560f1e9ed4bfa62eee34f88e
Fixed
cdf27834c3dd5d9abf7eb8e4ee87ee9e307eb25c
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
89ae89f53d201143560f1e9ed4bfa62eee34f88e
Fixed
5fe6e308abaea082c20fbf2aa5df8e14495622cf

Affected versions

v6.*

v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.10.1
v6.10.10
v6.10.11
v6.10.12
v6.10.2
v6.10.3
v6.10.4
v6.10.5
v6.10.6
v6.10.7
v6.10.8
v6.10.9
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.11.1
v6.5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "digest": {
            "length": 2928.0,
            "function_hash": "305502381869536576462371819984786308019"
        },
        "id": "CVE-2024-47675-14958ccb",
        "target": {
            "file": "kernel/trace/bpf_trace.c",
            "function": "bpf_uprobe_multi_link_attach"
        },
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7c1d782e5afbf7c50ba74ecc4ddc18a05d63e5ee",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "digest": {
            "length": 3009.0,
            "function_hash": "213745321592824124653441947533362112527"
        },
        "id": "CVE-2024-47675-26b6aa56",
        "target": {
            "file": "kernel/trace/bpf_trace.c",
            "function": "bpf_uprobe_multi_link_attach"
        },
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5fe6e308abaea082c20fbf2aa5df8e14495622cf",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "232199977138761564168210356081594199480",
                "101323648324336881436773907868666273690",
                "4967378215155633796116851223972606131",
                "278620120578700354659069744431450035357",
                "158774310169381428248402635715860720586",
                "277014516990592047080037467496325750929",
                "101475221164334993028755123171615563407",
                "141945848821265755988191446249006564694",
                "12265625284228822904932384632656278727",
                "34261639046523092821786229302155258623",
                "101982025419750827815246399955645663173"
            ]
        },
        "id": "CVE-2024-47675-31bc9d1d",
        "target": {
            "file": "kernel/trace/bpf_trace.c"
        },
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@790c630ab0e7d7aba6d186581d4627c09fce60f3",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "digest": {
            "length": 2868.0,
            "function_hash": "121455037651190632890074708366412547706"
        },
        "id": "CVE-2024-47675-6343f95c",
        "target": {
            "file": "kernel/trace/bpf_trace.c",
            "function": "bpf_uprobe_multi_link_attach"
        },
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@790c630ab0e7d7aba6d186581d4627c09fce60f3",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "219582070680777183005339033210717829257",
                "338819974304222125572662702924523675522",
                "159475174349691254553482777674632207477",
                "60811969985098998766677117536211116744",
                "158774310169381428248402635715860720586",
                "277014516990592047080037467496325750929",
                "101475221164334993028755123171615563407",
                "141945848821265755988191446249006564694",
                "12265625284228822904932384632656278727",
                "34261639046523092821786229302155258623",
                "101982025419750827815246399955645663173"
            ]
        },
        "id": "CVE-2024-47675-725ea84c",
        "target": {
            "file": "kernel/trace/bpf_trace.c"
        },
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5fe6e308abaea082c20fbf2aa5df8e14495622cf",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "232199977138761564168210356081594199480",
                "101323648324336881436773907868666273690",
                "4967378215155633796116851223972606131",
                "278620120578700354659069744431450035357",
                "158774310169381428248402635715860720586",
                "277014516990592047080037467496325750929",
                "101475221164334993028755123171615563407",
                "141945848821265755988191446249006564694",
                "12265625284228822904932384632656278727",
                "34261639046523092821786229302155258623",
                "101982025419750827815246399955645663173"
            ]
        },
        "id": "CVE-2024-47675-8cb54b48",
        "target": {
            "file": "kernel/trace/bpf_trace.c"
        },
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7c1d782e5afbf7c50ba74ecc4ddc18a05d63e5ee",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "232199977138761564168210356081594199480",
                "101323648324336881436773907868666273690",
                "4967378215155633796116851223972606131",
                "278620120578700354659069744431450035357",
                "158774310169381428248402635715860720586",
                "277014516990592047080037467496325750929",
                "101475221164334993028755123171615563407",
                "141945848821265755988191446249006564694",
                "12265625284228822904932384632656278727",
                "34261639046523092821786229302155258623",
                "101982025419750827815246399955645663173"
            ]
        },
        "id": "CVE-2024-47675-bbb82b81",
        "target": {
            "file": "kernel/trace/bpf_trace.c"
        },
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cdf27834c3dd5d9abf7eb8e4ee87ee9e307eb25c",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "digest": {
            "length": 2928.0,
            "function_hash": "305502381869536576462371819984786308019"
        },
        "id": "CVE-2024-47675-dc5adbcf",
        "target": {
            "file": "kernel/trace/bpf_trace.c",
            "function": "bpf_uprobe_multi_link_attach"
        },
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cdf27834c3dd5d9abf7eb8e4ee87ee9e307eb25c",
        "deprecated": false
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.6.0
Fixed
6.6.54
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.10.13
Type
ECOSYSTEM
Events
Introduced
6.11.0
Fixed
6.11.2