CVE-2024-38662

bpf: Allow delete from sockmap/sockhash only if update is allowed

Severity Score

4.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

bpf: Allow delete from sockmap/sockhash only if update is allowed

We have seen an influx of syzkaller reports where a BPF program attached to
a tracepoint triggers a locking rule violation by performing a map_delete
on a sockmap/sockhash.

We don't intend to support this artificial use scenario. Extend the
existing verifier allowed-program-type check for updating sockmap/sockhash
to also cover deleting from a map.

From now on only BPF programs which were previously allowed to update
sockmap/sockhash can delete from these map types.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: bpf: permitir la eliminación de sockmap/sockhash solo si se permite la actualización. Hemos visto una afluencia de informes de syzkaller donde un programa BPF adjunto a un punto de seguimiento desencadena una violación de la regla de bloqueo al realizar un map_delete en un mapa de calcetines/sockhash. No pretendemos apoyar este escenario de uso artificial. Amplíe la verificación de tipo de programa permitido del verificador existente para actualizar sockmap/sockhash para cubrir también la eliminación de un mapa. De ahora en adelante, sólo los programas BPF a los que anteriormente se les permitía actualizar sockmap/sockhash pueden eliminar de estos tipos de mapas.

*Credits: N/A

CVSS Scores

NISTv3.1 4.7

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-06-21 CVE Reserved
2024-06-21 CVE Published
2024-06-25 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (14)

URL	Tag	Source
https://git.kernel.org/stable/c/dd54b48db0c822ae7b520bc80751f0a0a173ef75	Vuln. Introduced
https://git.kernel.org/stable/c/d1e73fb19a4c872d7a399ad3c66e8ca30e0875ec	Vuln. Introduced
https://git.kernel.org/stable/c/a44770fed86515eedb5a7c00b787f847ebb134a5	Vuln. Introduced
https://git.kernel.org/stable/c/668b3074aa14829e2ac2759799537a93b60fef86	Vuln. Introduced
https://git.kernel.org/stable/c/ff91059932401894e6c86341915615c5eb0eca48	Vuln. Introduced
https://git.kernel.org/stable/c/f7990498b05ac41f7d6a190dc0418ef1d21bf058	Vuln. Introduced
https://git.kernel.org/stable/c/913c30f827e17d8cda1da6eeb990f350d36cb69b	Vuln. Introduced
https://git.kernel.org/stable/c/6af057ccdd8e7619960aca1f0428339f213b31cd	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/29467edc23818dc5a33042ffb4920b49b090e63d	2024-06-16
https://git.kernel.org/stable/c/11e8ecc5b86037fec43d07b1c162e233e131b1d9	2024-06-16
https://git.kernel.org/stable/c/6693b172f008846811f48a099f33effc26068e1e	2024-06-12
https://git.kernel.org/stable/c/000a65bf1dc04fb2b65e2abf116f0bc0fc2ee7b1	2024-06-12
https://git.kernel.org/stable/c/b81e1c5a3c70398cf76631ede63a03616ed1ba3c	2024-06-12
https://git.kernel.org/stable/c/98e948fb60d41447fd8d2d0c3b8637fc6b6dc26d	2024-05-27

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.215 < 5.10.219 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.215 < 5.10.219"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.154 < 5.15.161 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.154 < 5.15.161"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.85 < 6.1.93 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.85 < 6.1.93"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6.26 < 6.6.33 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.26 < 6.6.33"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.9 < 6.9.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.9 < 6.9.4"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.9 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.9 < 6.10"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.4.274 Search vendor "Linux" for product "Linux Kernel" and version "5.4.274"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.6.48 Search vendor "Linux" for product "Linux Kernel" and version "6.6.48"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.8.5 Search vendor "Linux" for product "Linux Kernel" and version "6.8.5"		en		Affected