During LKRG development and testing I’ve found 7 Linux kernel bugs, 4 of them have CVE numbers (however, 1 CVE number covers 2 bugs):<\/p>\n\n\n\n\n\n\n\n
CVE-2021-3411<\/a> - Linux kernel: broken KRETPROBES and OPTIMIZER\nCVE-2020-27825<\/a> - Linux kernel: Use-After-Free in the ftrace ring buffer\n resizing logic due to a race condition\nCVE-2020-25220<\/a> - Linux kernel Use-After-Free in backported patch for\n CVE-2020-14356 (affected kernels: 4.9.x before 4.9.233,\n 4.14.x before 4.14.194, and 4.19.x before 4.19.140)\nCVE-2020-14356<\/a> - Linux kernel Use-After-Free in cgroup BPF component\n (affected kernels: since 4.5+ up to 5.7.10)<\/pre>\n\n\n\nI’ve also found 2 other issues related to the ftrace UAF bug (CVE-2020-27825<\/a>):<\/p>\n\n\n\n
- Deadlock issue which was not really addressed and devs said they will take a look and there is not much updates on that.<\/li>
- Problem with the code related to hwlatd <\/strong><\/em>kernel thread – it is incorrectly synchronizing with launcher \/ killer of it. You can have WARN in kernels all the time.<\/li><\/ul>\n\n\n\n
CVE-2021-3411<\/a> refers to 2 different type of bugs:<\/p>\n\n\n\n
- Broken KRETPROBE (recently reported)<\/li>
- Incompatibility of KPROBE optimizer with the latest changes in the linker.<\/li><\/ul>\n\n\n\n
Additionally, I’ve also found a bug with the kernel signal handling in dying process:<\/p>\n\n\n\n