CVE-2024-38662

Summary

In the Linux kernel, the following vulnerability has been resolved:

bpf: Allow delete from sockmap/sockhash only if update is allowed

We have seen an influx of syzkaller reports where a BPF program attached to a tracepoint triggers a locking rule violation by performing a map_delete on a sockmap/sockhash.

We don't intend to support this artificial use scenario. Extend the existing verifier allowed-program-type check for updating sockmap/sockhash to also cover deleting from a map.

From now on only BPF programs which were previously allowed to update sockmap/sockhash can delete from these map types.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxdd54b48db0c822ae7b520bc80751f0a0a173ef75 < 29467edc23818dc5a33042ffb4920b49b090e63daffected
LinuxLinuxd1e73fb19a4c872d7a399ad3c66e8ca30e0875ec < 11e8ecc5b86037fec43d07b1c162e233e131b1d9affected
LinuxLinuxa44770fed86515eedb5a7c00b787f847ebb134a5 < 6693b172f008846811f48a099f33effc26068e1eaffected
LinuxLinux668b3074aa14829e2ac2759799537a93b60fef86 < 000a65bf1dc04fb2b65e2abf116f0bc0fc2ee7b1affected
LinuxLinuxff91059932401894e6c86341915615c5eb0eca48 < b81e1c5a3c70398cf76631ede63a03616ed1ba3caffected
LinuxLinuxff91059932401894e6c86341915615c5eb0eca48 < 98e948fb60d41447fd8d2d0c3b8637fc6b6dc26daffected
LinuxLinuxf7990498b05ac41f7d6a190dc0418ef1d21bf058affected
LinuxLinux6af057ccdd8e7619960aca1f0428339f213b31cdaffected
LinuxLinux5.10.215 < 5.10.219affected
LinuxLinux5.15.154 < 5.15.161affected
LinuxLinux6.1.85 < 6.1.93affected
LinuxLinux6.6.26 < 6.6.33affected
LinuxLinux5.4.274 < 5.5affected
LinuxLinux6.8.5 < 6.9affected
LinuxLinux6.9affected
LinuxLinux0 < 6.9unaffected
LinuxLinux5.10.219 <= 5.10.*unaffected
LinuxLinux5.15.161 <= 5.15.*unaffected
LinuxLinux6.1.93 <= 6.1.*unaffected
LinuxLinux6.6.33 <= 6.6.*unaffected
LinuxLinux6.9.4 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

Additional References

References