Linux Kernel Kprobes Probe Enabled Check Vulnerability in Kill Kprobe Function

A vulnerability in the Linux kernel's kprobes functionality has been addressed. The issue arose in the kill_kprobe() function, where the check for whether to call disarm_kprobe_ftrace() was always failing. This failure occurred because the KPROBE_FLAG_GONE flag was set before the check, causing it to misreport the probe's status. As a result, the disarm_kprobe_ftrace() call, which was introduced to fix a NULL pointer dereference issue, was not properly executed when needed. The vulnerability has been resolved by reordering the logic to check the probe's status before marking it as gone.

Impact

The vulnerability could lead to a NULL pointer dereference in the kprobe_ftrace_handler, as the necessary disarm_kprobe_ftrace() call was not being made when probes were enabled.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the Linux kernel's official website.