CVE-2024-40908: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-40908 affects the Linux kernel's BPF subsystem, specifically related to the rawtp testrun interface. The vulnerability was discovered when syzbot reported a crash that occurs when a rawtp program executed through the testrun interface calls the bpfgetattachcookie helper or any other helper that touches the task->bpfctx pointer. The issue was identified on July 12, 2024 (NVD).

The vulnerability stems from a missing run context setting in the BPF rawtp testrun callback. When a program attempts to access the task->bpfctx pointer through helpers like bpfgetattachcookie, it can lead to a crash due to the uninitialized context. The fix involves setting the run context (task->bpfctx pointer) for the testrun callback by adding proper initialization and cleanup of the bpftracerunctx structure (Kernel Commit).

The vulnerability can cause a system crash (denial of service) when exploited through the BPF subsystem's test_run interface. This affects systems running vulnerable versions of the Linux kernel that utilize BPF programs with specific helper functions (Ubuntu).

The vulnerability has been fixed in various Linux kernel versions. Ubuntu has released patches for multiple versions including 24.04 LTS (6.8.0-44.44), 22.04 LTS (5.15.0-121.131), and others. Users should update their kernel to the patched versions. The fix involves properly setting the run context for the rawtp test_run callback (Ubuntu).