In the Linux kernel, the following vulnerability has been resolved:
bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE
bpf_prog_attach uses attach_type_to_prog_type to enforce proper
attach type for BPF_PROG_TYPE_CGROUP_SKB. link_create uses
bpf_prog_get and relies on bpf_prog_attach_check_attach_type
to properly verify prog_type <> attach_type association.
Add missing attach_type enforcement for the link_create case.
Otherwise, it's currently possible to attach cgroup_skb prog
types to other cgroup hooks.
Metrics
Affected Vendors & Products
References
History
Thu, 19 Dec 2024 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9 |
Thu, 12 Dec 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:rhel_eus:9.2 cpe:/a:redhat:rhel_eus:9.2::nfv |
Wed, 27 Nov 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat enterprise Linux
|
|
CPEs | cpe:/a:redhat:enterprise_linux:8::nfv cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:rhel_eus:8.8 |
|
Vendors & Products |
Redhat enterprise Linux
|
Sat, 16 Nov 2024 02:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat rhel Eus
|
|
CPEs | cpe:/a:redhat:rhel_eus:9.4 | |
Vendors & Products |
Redhat rhel Eus
|
Fri, 06 Sep 2024 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat rhel Aus Redhat rhel E4s Redhat rhel Tus |
|
CPEs | cpe:/o:redhat:rhel_aus:8.6 cpe:/o:redhat:rhel_e4s:8.6 cpe:/o:redhat:rhel_tus:8.6 |
|
Vendors & Products |
Redhat
Redhat rhel Aus Redhat rhel E4s Redhat rhel Tus |
MITRE
Status: PUBLISHED
Assigner: Linux
Published: 2024-06-19T13:35:32.222Z
Updated: 2024-12-19T09:04:38.488Z
Reserved: 2024-06-18T19:36:34.922Z
Link: CVE-2024-38564
Vulnrichment
Updated: 2024-08-02T04:12:25.836Z
NVD
Status : Awaiting Analysis
Published: 2024-06-19T14:15:16.560
Modified: 2024-11-21T09:26:21.540
Link: CVE-2024-38564
Redhat