AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2024-56702: In the Linux kernel, the following vulnerability has been resolved: bpf: Mark raw_tp arguments with PTR_MAYBE_NULL Arg

mediumvulnerability

security

Source: NVD/CVE DatabaseDecember 28, 2024CVE-2024-56702

Summary

A vulnerability in the Linux kernel's BPF (Berkeley Packet Filter, a framework for running sandboxed programs in the kernel) verifier was causing it to incorrectly assume that raw tracepoint arguments (data passed to certain kernel monitoring hooks) could never be NULL, leading the verifier to delete necessary NULL checks and potentially crash the kernel. The fix marks these arguments as PTR_MAYBE_NULL (pointers that might be null) and adds special handling to allow safe operations on them, including enabling PROBE_MEM marking (a safer memory access mode) when loading from these pointers.

Solution / Mitigation

Mark raw_tp arguments as PTR_MAYBE_NULL and special case the dereference and pointer arithmetic to permit it. Enable PROBE_MEM marking when loads occur into trusted pointers with PTR_MAYBE_NULL. Do not apply this adjustment when ref_obj_id > 0, as acquired objects don't need such adjustment. Update the tp_btf_nullable selftest to reflect the new verifier behavior that no longer causes errors when directly dereferencing a raw tracepoint argument marked as __nullable.

Vulnerability Details

CVSS Score

5.5(medium)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-476 CWE-476

Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-56702

First tracked: February 15, 2026 at 08:35 PM

Classified by LLM (prompt v3) · confidence: 95%