CVE-2024-35955
📋 TL;DR
A use-after-free vulnerability in the Linux kernel's kprobes subsystem allows attackers to potentially execute arbitrary code with kernel privileges. This occurs when unloading kernel modules creates a race condition during kprobe registration. All Linux systems using kprobes are affected.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Full kernel compromise leading to complete system takeover, data exfiltration, or persistent backdoor installation.
Likely Case
Kernel panic causing system crash and denial of service, potentially leading to data corruption.
If Mitigated
Limited impact if kprobes are disabled or module unloading is restricted.
🎯 Exploit Status
Exploitation requires local access and ability to trigger the race condition during module unloading. Timing is critical for successful exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 2df2dd27066c, 325f3fb551f8, 36b57c7d2f8b, 5062d1f4f07f, or 62029bc9ff2c
Vendor Advisory: https://git.kernel.org/stable/c/2df2dd27066cdba8041e46a64362325626bdfb2e
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify kernel version matches patched release.
🔧 Temporary Workarounds
Disable kprobes
linuxPrevent use of kprobes subsystem to eliminate attack surface
echo 0 > /sys/kernel/debug/kprobes/enabled
Restrict module loading
linuxPrevent loading/unloading of kernel modules
echo 1 > /proc/sys/kernel/modules_disabled
🧯 If You Can't Patch
- Implement strict access controls to prevent unauthorized users from loading/unloading kernel modules
- Monitor system logs for kprobes-related activities and module loading/unloading events
🔍 How to Verify
Check if Vulnerable:
Check kernel version against affected ranges and verify if kprobes are enabled: cat /sys/kernel/debug/kprobes/enabledCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes one of the fix commits: uname -r and check with distribution's security advisories📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- Module loading/unloading events in system logs
- Kprobes registration failures
Network Indicators:
- None - local exploitation only
SIEM Query:
source="kernel" AND ("kprobe" OR "module" AND ("unload" OR "going" OR "unformed"))🔗 References
- https://git.kernel.org/stable/c/2df2dd27066cdba8041e46a64362325626bdfb2e
- https://git.kernel.org/stable/c/325f3fb551f8cd672dbbfc4cf58b14f9ee3fc9e8
- https://git.kernel.org/stable/c/36b57c7d2f8b7de224980f1a284432846ad71ca0
- https://git.kernel.org/stable/c/5062d1f4f07facbdade0f402d9a04a788f52e26d
- https://git.kernel.org/stable/c/62029bc9ff2c17a4e3a2478d83418ec575413808
- https://git.kernel.org/stable/c/93eb31e7c3399e326259f2caa17be1e821f5a412
- https://git.kernel.org/stable/c/b5808d40093403334d939e2c3c417144d12a6f33
- https://git.kernel.org/stable/c/d15023fb407337028a654237d8968fefdcf87c2f
- https://git.kernel.org/stable/c/2df2dd27066cdba8041e46a64362325626bdfb2e
- https://git.kernel.org/stable/c/325f3fb551f8cd672dbbfc4cf58b14f9ee3fc9e8
- https://git.kernel.org/stable/c/36b57c7d2f8b7de224980f1a284432846ad71ca0
- https://git.kernel.org/stable/c/5062d1f4f07facbdade0f402d9a04a788f52e26d
- https://git.kernel.org/stable/c/62029bc9ff2c17a4e3a2478d83418ec575413808
- https://git.kernel.org/stable/c/93eb31e7c3399e326259f2caa17be1e821f5a412
- https://git.kernel.org/stable/c/b5808d40093403334d939e2c3c417144d12a6f33
- https://git.kernel.org/stable/c/d15023fb407337028a654237d8968fefdcf87c2f
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
