CVE-2024-58060: 
Linux Kernel vulnerability analysis and mitigation

A Use-After-Free (UAF) vulnerability has been identified in the Linux kernel's bpfstructops functionality when CONFIGMODULES=n. The vulnerability, tracked as CVE-2024-58060, specifically affects the tcpcongestion_ops component that contains a 'struct module *owner' member. The issue was discovered and reported by Robert Morris, with the fix being implemented in early 2025 (Kernel Git).

The vulnerability occurs when bpfstructops attempts to handle structops that contain a 'struct module *owner' member. The issue manifests when CONFIGMODULES=n, causing the btfid of the 'struct module' to be missing, resulting in the warning 'WARN: resolvebtfids: unresolved symbol module'. This prevents bpftrymodule_get() from performing correct refcounting, potentially leading to a Use-After-Free condition. The CVSS v3.1 score for this vulnerability is 7.8 HIGH (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) (NVD).

The vulnerability could potentially lead to a Use-After-Free condition in the Linux kernel when using bpfstructops with CONFIG_MODULES disabled. This could result in system instability, potential privilege escalation, or system crashes. The high CVSS score indicates significant potential impact on system confidentiality, integrity, and availability (CISA-ADP).

A fix has been implemented that rejects structops registration if the structops has the 'struct module *' member and the 'struct module' btfid is missing. The patch includes moving the btftypeisfwd() helper to the btf.h header file for testing. The fix has been merged into the kernel codebase (Kernel Git).