Armis Vulnerability Intelligence Database

Description Preview

In the Linux kernel, a vulnerability has been identified where BPF programs attached to tracepoints can trigger a locking rule violation by attempting to delete from a sockmap/sockhash. This vulnerability arises from an artificial use scenario not intended to be supported. The issue has been addressed by extending the existing verifier allowed-program-type check for updating sockmap/sockhash to also cover deleting from a map. Moving forward, only BPF programs previously allowed to update sockmap/sockhash can delete from these map types.

Overview

The vulnerability allows BPF programs attached to tracepoints to trigger a locking rule violation by performing a map_delete operation on a sockmap/sockhash in the Linux kernel.

Remediation

To remediate this vulnerability, users are advised to update their Linux kernel to versions that include the fix for this issue. Specifically, ensure that BPF programs are only allowed to delete from sockmap/sockhash if they were previously permitted to update these map types. It is recommended to apply the necessary patches provided by the Linux kernel maintainers.

References

CVE-2024-38662: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38662
Linux kernel repository: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Patch for affected versions:
- https://git.kernel.org/stable/c/29467edc23818dc5a33042ffb4920b49b090e63d
- https://git.kernel.org/stable/c/11e8ecc5b86037fec43d07b1c162e233e131b1d9
- https://git.kernel.org/stable/c/6693b172f008846811f48a099f33effc26068e1e
- https://git.kernel.org/stable/c/000a65bf1dc04fb2b65e2abf116f0bc0fc2ee7b1
- https://git.kernel.org/stable/c/b81e1c5a3c70398cf76631ede63a03616ed1ba3c
- https://git.kernel.org/stable/c/98e948fb60d41447fd8d2d0c3b8637fc6b6dc26d

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

Manufacturing
Manufacturing
Health Care & Social Assistance
Health Care & Social Assistance
Professional, Scientific, & Technical Services
Professional, Scientific, & Technical Services
Public Administration
Public Administration
Finance and Insurance
Finance and Insurance
Management of Companies & Enterprises
Management of Companies & Enterprises
Arts, Entertainment & Recreation
Arts, Entertainment & Recreation
Educational Services
Educational Services
Other Services (except Public Administration)
Other Services (except Public Administration)
Transportation & Warehousing
Transportation & Warehousing
Retail Trade
Retail Trade
Information
Information
Agriculture, Forestry Fishing & Hunting
Agriculture, Forestry Fishing & Hunting
Construction
Construction
Real Estate Rental & Leasing
Real Estate Rental & Leasing
Wholesale Trade
Wholesale Trade
Accommodation & Food Services
Accommodation & Food Services
Administrative, Support, Waste Management & Remediation Services
Administrative, Support, Waste Management & Remediation Services
Mining
Mining
Utilities
Utilities

^{CVE-2024-38662:}CVE-2024-38662 is a vulnerability in the Linux kernel related to BPF programs attached to tracepoints triggering a locking rule violation by performing a map_delete on a sockmap/sockhash.

Description Preview

Overview

Remediation

References

Focus on What Matters

Let's talk!