4.7

CVE-2024-38662

bpf: Allow delete from sockmap/sockhash only if update is allowed

In the Linux kernel, the following vulnerability has been resolved:

bpf: Allow delete from sockmap/sockhash only if update is allowed

We have seen an influx of syzkaller reports where a BPF program attached to
a tracepoint triggers a locking rule violation by performing a map_delete
on a sockmap/sockhash.

We don't intend to support this artificial use scenario. Extend the
existing verifier allowed-program-type check for updating sockmap/sockhash
to also cover deleting from a map.

From now on only BPF programs which were previously allowed to update
sockmap/sockhash can delete from these map types.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.10 < 5.10.219
LinuxLinux Kernel Version >= 5.15 < 5.15.161
LinuxLinux Kernel Version >= 6.1 < 6.1.93
LinuxLinux Kernel Version >= 6.6 < 6.6.33
LinuxLinux Kernel Version >= 6.9 < 6.9.4
LinuxLinux Kernel Version6.10.0 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.122
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.7 1 3.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/000a65bf1dc04fb2b65e2abf116f0bc0fc2ee7b1
Patch
Mailing List
https://git.kernel.org/stable/c/11e8ecc5b86037fec43d07b1c162e233e131b1d9
Patch
Mailing List
https://git.kernel.org/stable/c/29467edc23818dc5a33042ffb4920b49b090e63d
Patch
Mailing List
https://git.kernel.org/stable/c/6693b172f008846811f48a099f33effc26068e1e
Patch
Mailing List
https://git.kernel.org/stable/c/98e948fb60d41447fd8d2d0c3b8637fc6b6dc26d
Patch
Mailing List
https://git.kernel.org/stable/c/b81e1c5a3c70398cf76631ede63a03616ed1ba3c
Patch
Mailing List
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
https://cert-portal.siemens.com/productcert/html/ssa-613116.html