CVE-2024-50132: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, a vulnerability (CVE-2024-50132) was discovered in the tracing/probes subsystem. When creating a traceprobe, the code would set nrargs prior to truncating the arguments to MAXTRACEARGS, but would only initialize arguments up to the limit. This issue was discovered in Linux kernel versions from 6.9 up to (excluding) 6.11.6, and in release candidates 6.12-rc1 through 6.12-rc4 (NVD).

The vulnerability occurs due to improper handling of the MAXTRACEARGS limit in the trace probe initialization process. When attempting to set up probes with more than 128 fetchargs, the code would cause invalid memory access, resulting in a NULL pointer dereference. The issue manifests with the error message: "BUG: kernel NULL pointer dereference, address: 0000000000000020" (Kernel Patch). The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to a system crash through NULL pointer dereference when attempting to set up probes with more than 128 fetchargs, potentially causing a denial of service condition (NVD).

The issue has been fixed by applying the MAXTRACEARGS limit earlier in the process and returning an error when there are too many arguments instead of silently truncating them. The fix is available in Linux kernel version 6.11.6 and later versions (Kernel Patch).