CVE ID : CVE-2024-38662
Published : June 21, 2024, 12:15 p.m. | 1 hour, 5 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved:
bpf: Allow delete from sockmap/sockhash only if update is allowed
We have seen an influx of syzkaller reports where a BPF program attached to
a tracepoint triggers a locking rule violation by performing a map_delete
on a sockmap/sockhash.
We don’t intend to support this artificial use scenario. Extend the
existing verifier allowed-program-type check for updating sockmap/sockhash
to also cover deleting from a map.
From now on only BPF programs which were previously allowed to update
sockmap/sockhash can delete from these map types.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…CVE ID : CVE-2024-38662
Published : June 21, 2024, 12:15 p.m. | 1 hour, 5 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved:
bpf: Allow delete from sockmap/sockhash only if update is allowed
We have seen an influx of syzkaller reports where a BPF program attached to
a tracepoint triggers a locking rule violation by performing a map_delete
on a sockmap/sockhash.
We don’t intend to support this artificial use scenario. Extend the
existing verifier allowed-program-type check for updating sockmap/sockhash
to also cover deleting from a map.
From now on only BPF programs which were previously allowed to update
sockmap/sockhash can delete from these map types.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…