{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-12T00:40:05.433","vulnerabilities":[{"cve":{"id":"CVE-2024-56665","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-12-27T15:15:26.400","lastModified":"2025-11-03T21:18:17.160","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog\n\nSyzbot reported [1] crash that happens for following tracing scenario:\n\n  - create tracepoint perf event with attr.inherit=1, attach it to the\n    process and set bpf program to it\n  - attached process forks -> chid creates inherited event\n\n    the new child event shares the parent's bpf program and tp_event\n    (hence prog_array) which is global for tracepoint\n\n  - exit both process and its child -> release both events\n  - first perf_event_detach_bpf_prog call will release tp_event->prog_array\n    and second perf_event_detach_bpf_prog will crash, because\n    tp_event->prog_array is NULL\n\nThe fix makes sure the perf_event_detach_bpf_prog checks prog_array\nis valid before it tries to remove the bpf program from it.\n\n[1] https://lore.kernel.org/bpf/Z1MR6dCIKajNS6nU@krava/T/#m91dbf0688221ec7a7fc95e896a7ef9ff93b0b8ad"},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf,perf: Se corrige el acceso no válido a prog_array en perf_event_detach_bpf_prog Syzbot informó [1] un fallo que ocurre en el siguiente escenario de seguimiento: - crear un evento perf de tracepoint con attr.inherit=1, adjuntarlo al proceso y establecerle el programa bpf - el proceso adjunto se bifurca -> chid crea un evento heredado el nuevo evento secundario comparte el programa bpf del padre y tp_event (de ahí prog_array) que es global para tracepoint - salir tanto del proceso como de su hijo -> liberar ambos eventos - la primera llamada perf_event_detach_bpf_prog liberará tp_event->prog_array y la segunda perf_event_detach_bpf_prog se bloqueará, porque tp_event->prog_array es NULL La corrección asegura que las comprobaciones perf_event_detach_bpf_prog prog_array es válido antes de intentar eliminar el programa bpf de él. [1] https://lore.kernel.org/bpf/Z1MR6dCIKajNS6nU@krava/T/#m91dbf0688221ec7a7fc95e896a7ef9ff93b0b8ad"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.170","versionEndExcluding":"5.16","matchCriteriaId":"C7FE0726-C761-4349-9521-83EAB0A1FCB6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.115","versionEndExcluding":"6.1.121","matchCriteriaId":"5DAD94E3-C170-44EA-93AC-5712A955ED0C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.59","versionEndExcluding":"6.6.67","matchCriteriaId":"1CA5A1BF-E0D3-405F-8671-0923F72D88B8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11.6","versionEndExcluding":"6.12.6","matchCriteriaId":"A23E2ECD-FEEE-4F72-A40D-756B9EC8B8DF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*","matchCriteriaId":"62567B3C-6CEE-46D0-BC2E-B3717FBF7D13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*","matchCriteriaId":"5A073481-106D-4B15-B4C7-FB0213B8E1D4"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/842e5af282453983586e2eae3c8eaf252de5f22f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/978c4486cca5c7b9253d3ab98a88c8e769cb9bbd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c2b6b47662d5f2dfce92e5ffbdcac8229f321d9d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dfb15ddf3b65e0df2129f9756d1b4fa78055cdb3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}