{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1",
    "cveMetadata": {
        "cveId": "CVE-2024-38588",
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "state": "PUBLISHED",
        "assignerShortName": "Linux",
        "dateReserved": "2024-06-18T19:36:34.929Z",
        "datePublished": "2024-06-19T13:37:43.262Z",
        "dateUpdated": "2024-10-17T13:47:58.837Z"
    },
    "containers": {
        "cna": {
            "providerMetadata": {
                "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
                "shortName": "Linux",
                "dateUpdated": "2024-10-17T13:47:58.837Z"
            },
            "descriptions": [
                {
                    "lang": "en",
                    "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix possible use-after-free issue in ftrace_location()\n\nKASAN reports a bug:\n\n  BUG: KASAN: use-after-free in ftrace_location+0x90/0x120\n  Read of size 8 at addr ffff888141d40010 by task insmod/424\n  CPU: 8 PID: 424 Comm: insmod Tainted: G        W          6.9.0-rc2+\n  [...]\n  Call Trace:\n   <TASK>\n   dump_stack_lvl+0x68/0xa0\n   print_report+0xcf/0x610\n   kasan_report+0xb5/0xe0\n   ftrace_location+0x90/0x120\n   register_kprobe+0x14b/0xa40\n   kprobe_init+0x2d/0xff0 [kprobe_example]\n   do_one_initcall+0x8f/0x2d0\n   do_init_module+0x13a/0x3c0\n   load_module+0x3082/0x33d0\n   init_module_from_file+0xd2/0x130\n   __x64_sys_finit_module+0x306/0x440\n   do_syscall_64+0x68/0x140\n   entry_SYSCALL_64_after_hwframe+0x71/0x79\n\nThe root cause is that, in lookup_rec(), ftrace record of some address\nis being searched in ftrace pages of some module, but those ftrace pages\nat the same time is being freed in ftrace_release_mod() as the\ncorresponding module is being deleted:\n\n           CPU1                       |      CPU2\n  register_kprobes() {                | delete_module() {\n    check_kprobe_address_safe() {     |\n      arch_check_ftrace_location() {  |\n        ftrace_location() {           |\n          lookup_rec() // USE!        |   ftrace_release_mod() // Free!\n\nTo fix this issue:\n  1. Hold rcu lock as accessing ftrace pages in ftrace_location_range();\n  2. Use ftrace_location_range() instead of lookup_rec() in\n     ftrace_location();\n  3. Call synchronize_rcu() before freeing any ftrace pages both in\n     ftrace_process_locs()/ftrace_release_mod()/ftrace_free_mem()."
                }
            ],
            "affected": [
                {
                    "product": "Linux",
                    "vendor": "Linux",
                    "defaultStatus": "unaffected",
                    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                    "programFiles": [
                        "kernel/trace/ftrace.c"
                    ],
                    "versions": [
                        {
                            "version": "ae6aa16fdc16",
                            "lessThan": "1880a324af1c",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "ae6aa16fdc16",
                            "lessThan": "8ea8ef5e4217",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "ae6aa16fdc16",
                            "lessThan": "dbff5f0bfb24",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "ae6aa16fdc16",
                            "lessThan": "7b4881da5b19",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "ae6aa16fdc16",
                            "lessThan": "66df065b3106",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "ae6aa16fdc16",
                            "lessThan": "31310e373f4c",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "ae6aa16fdc16",
                            "lessThan": "e60b613df8b6",
                            "status": "affected",
                            "versionType": "git"
                        }
                    ]
                },
                {
                    "product": "Linux",
                    "vendor": "Linux",
                    "defaultStatus": "affected",
                    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                    "programFiles": [
                        "kernel/trace/ftrace.c"
                    ],
                    "versions": [
                        {
                            "version": "3.7",
                            "status": "affected"
                        },
                        {
                            "version": "0",
                            "lessThan": "3.7",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "5.10.227",
                            "lessThanOrEqual": "5.10.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "5.15.162",
                            "lessThanOrEqual": "5.15.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "6.1.93",
                            "lessThanOrEqual": "6.1.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "6.6.33",
                            "lessThanOrEqual": "6.6.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "6.8.12",
                            "lessThanOrEqual": "6.8.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "6.9.3",
                            "lessThanOrEqual": "6.9.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "6.10",
                            "lessThanOrEqual": "*",
                            "status": "unaffected",
                            "versionType": "original_commit_for_fix"
                        }
                    ]
                }
            ],
            "references": [
                {
                    "url": "https://git.kernel.org/stable/c/1880a324af1c95940a7c954b6b937e86844a33bd"
                },
                {
                    "url": "https://git.kernel.org/stable/c/8ea8ef5e42173560ac510e92a1cc797ffeea8831"
                },
                {
                    "url": "https://git.kernel.org/stable/c/dbff5f0bfb2416b8b55c105ddbcd4f885e98fada"
                },
                {
                    "url": "https://git.kernel.org/stable/c/7b4881da5b19f65709f5c18c1a4d8caa2e496461"
                },
                {
                    "url": "https://git.kernel.org/stable/c/66df065b3106964e667b37bf8f7e55ec69d0c1f6"
                },
                {
                    "url": "https://git.kernel.org/stable/c/31310e373f4c8c74e029d4326b283e757edabc0b"
                },
                {
                    "url": "https://git.kernel.org/stable/c/e60b613df8b6253def41215402f72986fee3fc8d"
                }
            ],
            "title": "ftrace: Fix possible use-after-free issue in ftrace_location()",
            "x_generator": {
                "engine": "bippy-c9c4e1df01b2"
            }
        },
        "adp": [
            {
                "metrics": [
                    {
                        "other": {
                            "type": "ssvc",
                            "content": {
                                "timestamp": "2024-06-20T19:45:27.583238Z",
                                "id": "CVE-2024-38588",
                                "options": [
                                    {
                                        "Exploitation": "none"
                                    },
                                    {
                                        "Automatable": "no"
                                    },
                                    {
                                        "Technical Impact": "partial"
                                    }
                                ],
                                "role": "CISA Coordinator",
                                "version": "2.0.3"
                            }
                        }
                    }
                ],
                "title": "CISA ADP Vulnrichment",
                "providerMetadata": {
                    "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                    "shortName": "CISA-ADP",
                    "dateUpdated": "2024-06-20T19:45:36.573Z"
                }
            },
            {
                "providerMetadata": {
                    "orgId": "af854a3a-2127-422b-91ae-364da2661108",
                    "shortName": "CVE",
                    "dateUpdated": "2024-08-02T04:12:25.894Z"
                },
                "title": "CVE Program Container",
                "references": [
                    {
                        "url": "https://git.kernel.org/stable/c/8ea8ef5e42173560ac510e92a1cc797ffeea8831",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/dbff5f0bfb2416b8b55c105ddbcd4f885e98fada",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/7b4881da5b19f65709f5c18c1a4d8caa2e496461",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/66df065b3106964e667b37bf8f7e55ec69d0c1f6",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/31310e373f4c8c74e029d4326b283e757edabc0b",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/e60b613df8b6253def41215402f72986fee3fc8d",
                        "tags": [
                            "x_transferred"
                        ]
                    }
                ]
            }
        ]
    }
}