Linux Kernel uprobes/x86: Uretprobe Syscall Trampoline Check Vulnerability

Vulnerability

A vulnerability in the Linux kernel's uprobes subsystem for x86 architecture has been addressed. The issue arose because the trampoline_check_ip function could return an address near the lower limit of the allowed address space for syscall invocations, potentially leading to incorrect behavior if uretprobes were not properly configured. Although the minimum mmap address restrictions usually prevent creating mappings in that range, the kernel has been updated to ensure that uretprobe syscall checks account for this possibility.

Impact

Exploitation of this vulnerability could lead to improper handling of uretprobes, potentially allowing for unintended interactions with syscalls.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel uprobes/x86: Uretprobe Syscall Trampoline Check Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating