ACK/Cmt: [SRU][F][PATCH 0/1] CVE-2024-38662
Magali Lemes
magali.lemes at canonical.com
Tue Nov 26 20:26:52 UTC 2024
On 14/11/2024 18:38, Massimiliano Pellizzer wrote:
> [Impact]
>
> bpf: Allow delete from sockmap/sockhash only if update is allowed
>
> From now on only BPF programs which were previously allowed to update
> sockmap/sockhash can delete from these map types.
>
And since f:linux doesn't allow updating sockmap and sockhash map types
yet, that means no program at all will be able to delete either, right?

> [Fix]
>
> Noble: Fixed via stable updates (f8457aa6c401bf)
> Jammy: Fixed via stable updates (4aaeb3bf863dc1c)
> Focal: Backported from mainline
> Bionic: Not affected
> Xenial: Not affected
>
> [Test Case]
>
> Compile tested only.
>
> [Where problems could occur]
>
> The fix affects the BPF subsystem and in particular sockmap and sockhash
> structures. Users may see kernel warnings or experience system
> instability while performing socket operations when utilizing BPF-based
> socket management.
>
> Jakub Sitnicki (1):
> bpf: Allow delete from sockmap/sockhash only if update is allowed
>
> kernel/bpf/verifier.c | 2 --
> 1 file changed, 2 deletions(-)
>
Acked-by: Magali Lemes <magali.lemes at canonical.com>