Volerion logoVolerion
Volerion logoVolerion

Linux Kernel Kprobes Module Crash Vulnerability After Ftrace Deactivation

Vulnerability

A vulnerability in the Linux kernel's kprobes module can lead to a crash when removing modules that have kprobes attached, after ftrace has been disabled by an error. This issue occurs because the kprobe on ftrace does not properly manage the kprobe_ftrace_disabled flag, which is set when ftrace is killed. The problem manifests as a page fault error, indicating that the kernel is trying to access an invalid memory address.

Impact

The vulnerability causes a kernel crash, specifically a page fault error, when modules with kprobes are removed after ftrace has been disabled.

Reproduction

To reproduce this vulnerability, first induce an error that causes ftrace to be killed. After ftrace is disabled, attempt to remove a kernel module that has kprobes attached. This will trigger a kernel crash due to an unhandled page fault.

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.

Added: May 8, 2026, 8:52 PM
Updated: May 8, 2026, 8:52 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
2.5
exploitability
3.4
remediation
7.7
relevance
7.8
threat
4.8
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.