Description

In the Linux kernel, the following vulnerability has been resolved:

fprobe: Release rethook after the ftrace_ops is unregistered

While running bpf selftests it's possible to get following fault:

  general protection fault, probably for non-canonical address \
    0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC NOPTI
  ...
  Call Trace:
   <TASK>
   fprobe_handler+0xc1/0x270
   ? __pfx_bpf_testmod_init+0x10/0x10
   ? __pfx_bpf_testmod_init+0x10/0x10
   ? bpf_fentry_test1+0x5/0x10
   ? bpf_fentry_test1+0x5/0x10
   ? bpf_testmod_init+0x22/0x80
   ? do_one_initcall+0x63/0x2e0
   ? rcu_is_watching+0xd/0x40
   ? kmalloc_trace+0xaf/0xc0
   ? do_init_module+0x60/0x250
   ? __do_sys_finit_module+0xac/0x120
   ? do_syscall_64+0x37/0x90
   ? entry_SYSCALL_64_after_hwframe+0x72/0xdc
   </TASK>

In unregister_fprobe function we can't release fp->rethook while it's possible there are some of its users still running on another cpu.

Moving rethook_free call after fp->ops is unregistered with unregister_ftrace_function call.

PUBLISHED Reserved 2025-10-04 | Published 2025-10-04 | Updated 2025-10-04 | Assigner Linux

Product status

Default status: unaffected

5b0ab78998e32564a011b14c4c7f9c81e2d42b9d before ce3ec57faff559ccae1e0150c1f077eb2df648a4: affected
5b0ab78998e32564a011b14c4c7f9c81e2d42b9d before 03d63255a5783243c110aec5e6ae2f1475c3be76: affected
5b0ab78998e32564a011b14c4c7f9c81e2d42b9d before 5f81018753dfd4989e33ece1f0cb6b8aae498b82: affected

Default status: affected

5.18: affected
Any version before 5.18: unaffected
6.1.40: unaffected
6.4.5: unaffected
6.5: unaffected

References

git.kernel.org/...c/ce3ec57faff559ccae1e0150c1f077eb2df648a4

git.kernel.org/...c/03d63255a5783243c110aec5e6ae2f1475c3be76

git.kernel.org/...c/5f81018753dfd4989e33ece1f0cb6b8aae498b82

cve.org (CVE-2023-53557)

nvd.nist.gov (CVE-2023-53557)
