CVE-2024-38566

2024-06-1914:15:16

416baaa9-dc9f-4396-8d5f-8c081fb06d67

web.nvd.nist.gov

linux kernel

bpf

struct socket

vulnerability

verifier assumptions

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix verifier assumptions about socket->sk

The verifier assumes that ‘sk’ field in ‘struct socket’ is valid
and non-NULL when ‘socket’ pointer itself is trusted and non-NULL.
That may not be the case when socket was just created and
passed to LSM socket_accept hook.
Fix this verifier assumption and adjust tests.

Affected configurations

Vulners

Node

linuxlinux_kernelRange6.4–6.6.33

linuxlinux_kernelRange6.7.0–6.8.12

linuxlinux_kernelRange6.9.0–6.9.3

linuxlinux_kernelRange6.10.0–6.10-rc1

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "kernel/bpf/verifier.c",
      "tools/testing/selftests/bpf/progs/bench_local_storage_create.c",
      "tools/testing/selftests/bpf/progs/local_storage.c",
      "tools/testing/selftests/bpf/progs/lsm_cgroup.c"
    ],
    "versions": [
      {
        "version": "6fcd486b3a0a",
        "lessThan": "39f8a29330f4",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "6fcd486b3a0a",
        "lessThan": "6f5ae91172a9",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "6fcd486b3a0a",
        "lessThan": "c58ccdd2483a",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "6fcd486b3a0a",
        "lessThan": "0db63c0b86e9",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "kernel/bpf/verifier.c",
      "tools/testing/selftests/bpf/progs/bench_local_storage_create.c",
      "tools/testing/selftests/bpf/progs/local_storage.c",
      "tools/testing/selftests/bpf/progs/lsm_cgroup.c"
    ],
    "versions": [
      {
        "version": "6.4",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "6.4",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.33",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.8.12",
        "lessThanOrEqual": "6.8.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9.3",
        "lessThanOrEqual": "6.9.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10-rc1",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]