Linux Kernel Kprobes Vulnerability in Ftrace-Based Probes

Vulnerability

A vulnerability in the Linux kernel's kprobes mechanism can lead to a use-after-free, specifically for ftrace-based probes. When a kprobe is unregistered, if the probe being removed has a post-handler but none of the remaining child probes of the aggregate probe do, the aggregate probe's post-handler is cleared. The aggregate probe is then disarmed with the wrong ftrace operations, which triggers a kernel warning and can leave a dangling reference that results in a use-after-free. The issue was observed in version 6.1.0-rc4-dirty.

Impact

The vulnerability can cause a use-after-free, which may lead to kernel memory corruption and potentially allow arbitrary code execution.

Reproduction

The vulnerability can be reproduced by registering an ftrace-based kprobe with a post-handler on an address that other probes without post-handlers also share, and then unregistering it. Removing the only probe with a post-handler clears the post-handler of the aggregate probe, so the aggregate probe is disarmed with the wrong ftrace operations, producing a warning and a use-after-free.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.