CVE-2024-26737
CVE-2024-26737 is a Linux kernel vulnerability resolved by a patch that fixes a race between bpf_timer_cancel_and_free and bpf_timer_cancel, which could cause a use-after-free (UAF) of timer structures. The fix frees timer->timer after an RCU grace period (RCU head added to struct bpf_hrtimer)...