CVE-2024-56702

Summary

CVE-2024-56702 is a vulnerability in the Linux kernel that affects raw tracepoint arguments. These arguments are currently tagged as trusted, leading to a discrepancy between the expected non-NULL status and potential NULL values. To address this, raw_tp arguments are now marked as PTR_MAYBE_NULL. This change allows for safe dereference with the help of PROBE_MEM marking for trusted pointers. It's important to note that this adjustment only applies to raw_tp programs and not to other arguments or helpers/kfuncs, which will be addressed in future patch sets. The vulnerability may also permit the dereference of non-raw_tp args marked as PTR_TO_BTF_ID with null marking, but this expanded behavior won't regress existing programs. An update to the selftest is required to capture the new behavior, ensuring that the verifier no longer causes an error when directly dereferencing raw tracepoint arguments marked as __nullable.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.