CVE-2024-38564

bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE

Severity Score

4.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE

bpf_prog_attach uses attach_type_to_prog_type to enforce proper
attach type for BPF_PROG_TYPE_CGROUP_SKB. link_create uses
bpf_prog_get and relies on bpf_prog_attach_check_attach_type
to properly verify prog_type <> attach_type association.

Add missing attach_type enforcement for the link_create case.
Otherwise, it's currently possible to attach cgroup_skb prog
types to other cgroup hooks.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: bpf: agregue la aplicación del tipo de archivo adjunto BPF_PROG_TYPE_CGROUP_SKB en BPF_LINK_CREATE bpf_prog_attach usa adjunto_type_to_prog_type para aplicar el tipo de archivo adjunto adecuado para BPF_PROG_TYPE_CGROUP_SKB. link_create usa bpf_prog_get y se basa en bpf_prog_attach_check_attach_type para verificar correctamente la asociación prog_type <> adjunto_tipo. Agregue la aplicación de adjunto_tipo faltante para el caso link_create. De lo contrario, actualmente es posible adjuntar tipos de programa cgroup_skb a otros enlaces de cgroup.

*Credits: N/A

CVSS Scores

Red Hatv3.1 4.4

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-06-18 CVE Reserved
2024-06-19 CVE Published
2024-06-20 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-665: Improper Initialization

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/4a1e7c0c63e02daad751842b7880f9bbcdfb6e89	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/6675c541f540a29487a802d3135280b69b9f568d	2024-06-12
https://git.kernel.org/stable/c/67929e973f5a347f05fef064fea4ae79e7cdb5fd	2024-05-30
https://git.kernel.org/stable/c/b34bbc76651065a5eafad8ddff1eb8d1f8473172	2024-05-30
https://git.kernel.org/stable/c/543576ec15b17c0c93301ac8297333c7b6e84ac7	2024-04-30

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-38564	2024-09-04
https://bugzilla.redhat.com/show_bug.cgi?id=2293429	2024-09-04

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10 < 6.6.33 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10 < 6.6.33"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10 < 6.8.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10 < 6.8.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10 < 6.9.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10 < 6.9.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10 < 6.10"		en		Affected