DEBIAN-CVE-2024-56665
- Source
- https://security-tracker.debian.org/tracker/CVE-2024-56665
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-56665.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2024-56665
- Upstream
- Published
- 2024-12-27T15:15:26Z
- Modified
- 2025-09-19T07:35:24.843727Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: bpf,perf: Fix invalid progarray access in perfeventdetachbpfprog Syzbot reported [1] crash that happens for following tracing scenario: - create tracepoint perf event with attr.inherit=1, attach it to the process and set bpf program to it - attached process forks -> chid creates inherited event the new child event shares the parent's bpf program and tpevent (hence progarray) which is global for tracepoint - exit both process and its child -> release both events - first perfeventdetachbpfprog call will release tpevent->progarray and second perfeventdetachbpfprog will crash, because tpevent->progarray is NULL The fix makes sure the perfeventdetachbpfprog checks progarray is valid before it tries to remove the bpf program from it. [1] https://lore.kernel.org/bpf/Z1MR6dCIKajNS6nU@krava/T/#m91dbf0688221ec7a7fc95e896a7ef9ff93b0b8ad
- References
Affected packages
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.1.123-1
Affected versions
6.*
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:11 / linux-6.1
Package
- Name
- linux-6.1
- Purl
- pkg:deb/debian/linux-6.1?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.1.128-1~deb11u1