{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-56665","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-12-27T15:00:39.844Z","datePublished":"2024-12-27T15:06:27.205Z","dateUpdated":"2025-11-03T20:52:14.574Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T13:01:12.270Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog\n\nSyzbot reported [1] crash that happens for following tracing scenario:\n\n  - create tracepoint perf event with attr.inherit=1, attach it to the\n    process and set bpf program to it\n  - attached process forks -> chid creates inherited event\n\n    the new child event shares the parent's bpf program and tp_event\n    (hence prog_array) which is global for tracepoint\n\n  - exit both process and its child -> release both events\n  - first perf_event_detach_bpf_prog call will release tp_event->prog_array\n    and second perf_event_detach_bpf_prog will crash, because\n    tp_event->prog_array is NULL\n\nThe fix makes sure the perf_event_detach_bpf_prog checks prog_array\nis valid before it tries to remove the bpf program from it.\n\n[1] https://lore.kernel.org/bpf/Z1MR6dCIKajNS6nU@krava/T/#m91dbf0688221ec7a7fc95e896a7ef9ff93b0b8ad"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/trace/bpf_trace.c"],"versions":[{"version":"7a5c653ede645693422e43cccaa3e8f905d21c74","lessThan":"842e5af282453983586e2eae3c8eaf252de5f22f","status":"affected","versionType":"git"},{"version":"21db2f35fa97e4a3447f2edeb7b2569a8bfdc83b","lessThan":"c2b6b47662d5f2dfce92e5ffbdcac8229f321d9d","status":"affected","versionType":"git"},{"version":"0ee288e69d033850bc87abe0f9cc3ada24763d7f","lessThan":"dfb15ddf3b65e0df2129f9756d1b4fa78055cdb3","status":"affected","versionType":"git"},{"version":"0ee288e69d033850bc87abe0f9cc3ada24763d7f","lessThan":"978c4486cca5c7b9253d3ab98a88c8e769cb9bbd","status":"affected","versionType":"git"},{"version":"b4007d5fe38625b8a1b8edc0f385d86527651238","status":"affected","versionType":"git"},{"version":"585674b9d0d80bd7f428b1f88be13cf6d5d6f739","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/trace/bpf_trace.c"],"versions":[{"version":"6.12","status":"affected"},{"version":"0","lessThan":"6.12","status":"unaffected","versionType":"semver"},{"version":"6.1.121","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.67","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.6","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.13","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.115","versionEndExcluding":"6.1.121"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.59","versionEndExcluding":"6.6.67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12","versionEndExcluding":"6.12.6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12","versionEndExcluding":"6.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.170"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11.6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/842e5af282453983586e2eae3c8eaf252de5f22f"},{"url":"https://git.kernel.org/stable/c/c2b6b47662d5f2dfce92e5ffbdcac8229f321d9d"},{"url":"https://git.kernel.org/stable/c/dfb15ddf3b65e0df2129f9756d1b4fa78055cdb3"},{"url":"https://git.kernel.org/stable/c/978c4486cca5c7b9253d3ab98a88c8e769cb9bbd"}],"title":"bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"id":"CVE-2024-56665","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2025-10-01T19:59:51.275305Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","description":"CWE-noinfo Not enough information"}]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-01T20:07:09.798Z"}},{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T20:52:14.574Z"}}]}}