CVE-2024-47675: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-47675 is a use-after-free vulnerability discovered in the Linux kernel's BPF (Berkeley Packet Filter) subsystem, specifically in the bpf_uprobe_multi_link_attach() function. The vulnerability was discovered and reported by syzkaller, Google's automated security testing tool (Kernel Git). The issue affects Linux kernel versions from 6.6 through 6.11.2 (NVD).

The vulnerability occurs when bpf_link_prime() fails in the bpf_uprobe_multi_link_attach() function. In this scenario, the code goes to the error_free label and frees the array of bpf_uprobe's without calling bpf_uprobe_unregister(). This leads to two issues: it leaks bpf_uprobe->uprobe and more critically, frees bpf_uprobe->consumer without removing it from the uprobe->consumers list. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The use-after-free vulnerability could potentially lead to privilege escalation, system crashes, or arbitrary code execution in the context of the kernel. The CVSS score of 7.8 indicates high potential impact on the confidentiality, integrity, and availability of the affected system (NVD).

The vulnerability has been fixed in the Linux kernel through a patch that properly handles the error case by adding an error_unregister label and ensuring bpf_uprobe_unregister() is called before freeing resources. The fix has been backported to affected stable kernel versions (Kernel Git).