Linux Kernel, Module Loading Denial-of-Service, CVE-2025-37898 (Low)

How the CVE works:

The vulnerability exists in the Linux kernel's powerpc64/ftrace module loading code. The function `get_stubs_size()` incorrectly assumes a module will always contain at least one patchable function entry for tracing. If a module exports only data and no code, this function fails and returns an error code (`-ENOEXEC`). The caller does not check for the error and uses the returned value as the size for a subsequent memory allocation via `execmem_alloc()`. Interpreted as an unsigned size, the negative error code wraps around during page alignment, so the size value becomes zero. The `__vmalloc_node_range()` function rejects zero-sized allocations, causing the module loading process to fail entirely. This results in a local Denial-of-Service, preventing legitimate modules from being loaded.
Platform: Linux Kernel
Version: powerpc64
Vulnerability: DoS
Severity: Low
Date: 05/20/2025

Prediction: Patch expected by 07/20/2025
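
The size arithmetic behind this failure, as an added example that is not kernel code and not part of the original post: a simplified user-space model in which `model_stubs_size()`, `model_alloc()`, the 32-byte stub size and the 4 KiB page size are assumptions standing in for `get_stubs_size()` and the allocator. `load_checked()` shows one defensive way to handle the error return; it is not the upstream patch.

```c
#include <errno.h>
#include <stdio.h>

/* Simplified user-space model, not kernel code; model_* names are hypothetical. */
#define MODEL_PAGE_SIZE 4096UL /* assumed; a 64 KiB page size gives the same result */
#define MODEL_PAGE_ALIGN(x) (((x) + MODEL_PAGE_SIZE - 1) & ~(MODEL_PAGE_SIZE - 1))

/* Stand-in for get_stubs_size(): bytes of stub space needed, or -ENOEXEC
 * when the module has no patchable function entries (data-only module). */
static long model_stubs_size(unsigned int patchable_entries)
{
    if (patchable_entries == 0)
        return -ENOEXEC;
    return (long)patchable_entries * 32; /* constructed per-entry stub size */
}

/* Stand-in allocator: like __vmalloc_node_range(), rejects a zero size. */
static int model_alloc(unsigned long size)
{
    return size == 0 ? -ENOMEM : 0;
}

/* Flawed flow: the signed return value is used as a size without a check. */
static unsigned long flawed_alloc_size(unsigned int entries)
{
    return MODEL_PAGE_ALIGN((unsigned long)model_stubs_size(entries));
}

static int load_flawed(unsigned int entries)
{
    return model_alloc(flawed_alloc_size(entries));
}

/* Defensive flow (assumption): no entries means no stubs, so skip the allocation. */
static int load_checked(unsigned int entries)
{
    long sz = model_stubs_size(entries);
    if (sz == -ENOEXEC)
        return 0;
    if (sz < 0)
        return (int)sz;
    return model_alloc(MODEL_PAGE_ALIGN((unsigned long)sz));
}

int main(void)
{
    printf("data-only module: flawed size=%lu flawed load=%d checked load=%d\n",
           flawed_alloc_size(0), load_flawed(0), load_checked(0));
    return 0;
}
```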

What Undercode Say:

`grep -r "__patchable_function_entries" /kernel/source/`

`objdump -h module.ko`

`scripts/config --disable FTRACE && make olddefconfig`

How Exploit:

Prevent module load.

Protection from this CVE

Update kernel.

Impact:

Module load failure.

Sources:

Reported By: nvd.nist.gov