CVE-2024-26591
- Source
- https://cve.org/CVERecord?id=CVE-2024-26591
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26591.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-26591
- Downstream
- Related
- Published
- 2024-02-22T16:21:43.756Z
- Modified
- 2026-05-28T03:53:23.213811009Z
- Summary
- bpf: Fix re-attachment branch in bpf_tracing_prog_attach
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix re-attachment branch in bpftracingprog_attach
The following case can cause a crash due to missing attach_btf:
1) load rawtp program 2) load fentry program with rawtp as targetfd 3) create tracing link for fentry program with targetfd = 0 4) repeat 3
In the end we have:
- prog->aux->dst_trampoline == NULL
- tgtprog == NULL (because we did not provide targetfd to link_create)
- prog->aux->attachbtf == NULL (the program was loaded with attachprog_fd=X)
the program was loaded for tgt_prog but we have no way to find out which one
BUG: kernel NULL pointer dereference, address: 0000000000000058 Call Trace: <TASK> ? __die+0x20/0x70 ? pagefaultoops+0x15b/0x430 ? fixupexception+0x22/0x330 ? excpagefault+0x6f/0x170 ? asmexcpagefault+0x22/0x30 ? bpftracingprogattach+0x279/0x560 ? btfobjid+0x5/0x10 bpftracingprogattach+0x439/0x560 __sys_bpf+0x1cf4/0x2de0 __x64sysbpf+0x1c/0x30 dosyscall64+0x41/0xf0 entrySYSCALL64afterhwframe+0x6e/0x76
Return -EINVAL in this situation.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26591.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/50ae82f080cf87e84828f066c31723b781d68f5b
- https://git.kernel.org/stable/c/6cc9c0af0aa06f781fa515a1734b1a4239dfd2c0
- https://git.kernel.org/stable/c/715d82ba636cb3629a6e18a33bb9dbe53f9936ee
- https://git.kernel.org/stable/c/8c8bcd45e9b10eef12321f08d2e5be33d615509c
- https://git.kernel.org/stable/c/a7b98aa10f895e2569403896f2d19b73b6c95653
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26591.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-26591
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf3a95075549e0e5c36db922caf86847db7a35403Fixeda7b98aa10f895e2569403896f2d19b73b6c95653Fixed6cc9c0af0aa06f781fa515a1734b1a4239dfd2c0Fixed8c8bcd45e9b10eef12321f08d2e5be33d615509cFixed50ae82f080cf87e84828f066c31723b781d68f5bFixed715d82ba636cb3629a6e18a33bb9dbe53f9936ee