Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A use-after-free vulnerability has been identified in the Linux kernel's BPF (Berkeley Packet Filter) struct operations. The issue arises when the kernel is configured with 'CONFIG_MODULES=n', which leaves 'struct module' as an unresolved symbol even though it is necessary for proper reference counting. The vulnerability specifically affects TCP congestion operations that include a 'struct module *owner' member. When the 'CONFIG_MODULES' option is disabled, the BPF struct operations cannot correctly manage reference counts, potentially leading to memory management issues.
Exploitation of this vulnerability could lead to a use-after-free condition, allowing for potential memory corruption or arbitrary code execution.
The vulnerability has been addressed in the Linux kernel by disabling BPF struct operations registration for struct operations that include a 'struct module *owner' member, when the 'struct module' BTF ID is absent. Users should upgrade to the latest version of the Linux kernel where this patch has been applied.
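To triage which builds meet the precondition described above, the following added example (not part of the advisory or of the kernel project) classifies a kernel config file. The function names `kconfig_state` and `struct_ops_exposure` are hypothetical, and using `CONFIG_BPF_SYSCALL` as the indicator that BPF is built in is an assumption the advisory does not state.

```shell
#!/bin/sh
# Added example: classify a kernel config against the CONFIG_MODULES=n
# precondition from the advisory. Function names are hypothetical.

# kconfig_state FILE OPTION -> prints y, m or n.
# "# CONFIG_X is not set" and an absent option both count as n.
kconfig_state() {
    # The trailing "=" keeps CONFIG_MODULES from matching
    # CONFIG_MODULES_TREE_LOOKUP; the last definition in the file wins.
    val=$(sed -n "s/^CONFIG_$2=\(.*\)$/\1/p" "$1" | tail -n 1)
    case "$val" in
        y|m) printf '%s\n' "$val" ;;
        *)   printf 'n\n' ;;
    esac
}

# struct_ops_exposure FILE -> prints one of:
#   unknown         config file not readable (returns 1)
#   not-applicable  BPF not built in, or modules enabled
#   review          CONFIG_MODULES=n with BPF enabled: confirm the
#                   kernel carries the fix described in the advisory
struct_ops_exposure() {
    cfg=$1
    if [ ! -r "$cfg" ]; then
        printf 'unknown\n'
        return 1
    fi
    # Assumption: CONFIG_BPF_SYSCALL gates BPF program loading.
    if [ "$(kconfig_state "$cfg" BPF_SYSCALL)" = n ]; then
        printf 'not-applicable\n'
    elif [ "$(kconfig_state "$cfg" MODULES)" = y ]; then
        printf 'not-applicable\n'
    else
        printf 'review\n'
    fi
}

# Run against a config file given on the command line, if any.
if [ "$#" -gt 0 ]; then
    struct_ops_exposure "$1"
fi
```

On many distributions the running kernel's config is at `/boot/config-$(uname -r)`; a `review` result only means the precondition is met, so the kernel version still has to be checked against the fixed release.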