[SRU][F][PATCH 0/1] CVE-2024-38662
Massimiliano Pellizzer
massimiliano.pellizzer at canonical.com
Thu Nov 14 21:38:05 UTC 2024
[Impact]
bpf: Allow delete from sockmap/sockhash only if update is allowed
>From now on only BPF programs which were previously allowed to update
sockmap/sockhash can delete from these map types.
[Fix]
Noble: Fixed via stable updates (f8457aa6c401bf)
Jammy: Fixed via stable updates (4aaeb3bf863dc1c)
Focal: Backported from mainline
Bionic: Not affected
Xenial: Not affected
[Test Case]
Compile tested only.
[Where problems could occur]
The fix affects the BPF subsystem and in particular sockmap and sockhash
structures. Users may see kernel warnings or experience system
instability while performing socket operations when utilizing BPF-based
socket management.
Jakub Sitnicki (1):
bpf: Allow delete from sockmap/sockhash only if update is allowed
kernel/bpf/verifier.c | 2 --
1 file changed, 2 deletions(-)
--
2.43.0
More information about the kernel-team
mailing list