In the Linux kernel, the following vulnerability has been resolved: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE bpf_prog_attach uses attach_type_to_prog_type to enforce proper attach type for BPF_PROG_TYPE_CGROUP_SKB. link_create uses bpf_prog_get and relies on bpf_prog_attach_check_attach_type to properly verify prog_type <> attach_type association. Add missing attach_type enforcement for the link_create case. Otherwise, it's currently possible to attach cgroup_skb prog types to other cgroup hooks.
History

Thu, 19 Dec 2024 14:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9
cpe:/o:redhat:enterprise_linux:9

Thu, 12 Dec 2024 02:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_eus:9.2
cpe:/a:redhat:rhel_eus:9.2::nfv

Wed, 27 Nov 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:8::nfv
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:rhel_eus:8.8
Vendors & Products Redhat enterprise Linux

Sat, 16 Nov 2024 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.4
Vendors & Products Redhat rhel Eus

Fri, 06 Sep 2024 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Tus
CPEs cpe:/o:redhat:rhel_aus:8.6
cpe:/o:redhat:rhel_e4s:8.6
cpe:/o:redhat:rhel_tus:8.6
Vendors & Products Redhat
Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Tus

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-06-19T13:35:32.222Z

Updated: 2024-12-19T09:04:38.488Z

Reserved: 2024-06-18T19:36:34.922Z

Link: CVE-2024-38564

cve-icon Vulnrichment

Updated: 2024-08-02T04:12:25.836Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-06-19T14:15:16.560

Modified: 2024-11-21T09:26:21.540

Link: CVE-2024-38564

cve-icon Redhat

Severity : Low

Publid Date: 2024-06-19T00:00:00Z

Links: CVE-2024-38564 - Bugzilla