-
CVE-2024-38564
- EPSS 0.02%
- Published 19.06.2024 14:15:16
- Last modified 21.11.2024 09:26:21
- Source 416baaa9-dc9f-4396-8d5f-8c081f
- Teams watchlist Login
- Open Login
In the Linux kernel, the following vulnerability has been resolved: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE bpf_prog_attach uses attach_type_to_prog_type to enforce proper attach type for BPF_PROG_TYPE_CGROUP_SKB. link_create uses bpf_prog_get and relies on bpf_prog_attach_check_attach_type to properly verify prog_type <> attach_type association. Add missing attach_type enforcement for the link_create case. Otherwise, it's currently possible to attach cgroup_skb prog types to other cgroup hooks.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorLinux
≫
Product
Linux
Default Statusunaffected
Version <
6675c541f540a29487a802d3135280b69b9f568d
Version
4a1e7c0c63e02daad751842b7880f9bbcdfb6e89
Status
affected
Version <
67929e973f5a347f05fef064fea4ae79e7cdb5fd
Version
4a1e7c0c63e02daad751842b7880f9bbcdfb6e89
Status
affected
Version <
b34bbc76651065a5eafad8ddff1eb8d1f8473172
Version
4a1e7c0c63e02daad751842b7880f9bbcdfb6e89
Status
affected
Version <
543576ec15b17c0c93301ac8297333c7b6e84ac7
Version
4a1e7c0c63e02daad751842b7880f9bbcdfb6e89
Status
affected
VendorLinux
≫
Product
Linux
Default Statusaffected
Version
5.10
Status
affected
Version <
5.10
Version
0
Status
unaffected
Version <=
6.6.*
Version
6.6.33
Status
unaffected
Version <=
6.8.*
Version
6.8.12
Status
unaffected
Version <=
6.9.*
Version
6.9.3
Status
unaffected
Version <=
*
Version
6.10
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.049 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|