CVE-2024-56786

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Jan 8, 2025
Updated: Feb 11, 2025
CWE ID 416

Summary

CVE-2024-56786 is a use-after-free vulnerability in the BPF (Berkeley Packet Filter) subsystem of the Linux kernel. It is caused by the order in which a BPF link's program and the link itself are released: putting the program, so that its memory becomes eligible for freeing, before the link is deallocated can result in a use-after-free. The fix defers bpf_prog_put() until bpf_link_dealloc() is ready to be called. This delays freeing of the program slightly, which is deemed acceptable. The patch also consolidates the program put and link dealloc logic into a new bpf_link_dealloc() helper function to minimize code duplication. Most BPF links are unaffected by the change; only links that use deferred deallocation will see a slight delay in program freeing.
