Huawei EulerOS: CVE-2024-38564: kernel security update

Huawei EulerOS: CVE-2024-38564: kernel security update

Severity

4

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

06/19/2024

Created

10/09/2024

Added

10/08/2024

Modified

10/08/2024

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE bpf_prog_attach uses attach_type_to_prog_type to enforce proper attach type for BPF_PROG_TYPE_CGROUP_SKB. link_create uses bpf_prog_get and relies on bpf_prog_attach_check_attach_type to properly verify prog_type <> attach_type association. Add missing attach_type enforcement for the link_create case. Otherwise, it's currently possible to attach cgroup_skb prog types to other cgroup hooks.

Solution(s)

• huawei-euleros-2_0_sp11-upgrade-bpftool
• huawei-euleros-2_0_sp11-upgrade-kernel
• huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists
• huawei-euleros-2_0_sp11-upgrade-kernel-tools
• huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs
• huawei-euleros-2_0_sp11-upgrade-python3-perf

References

• https://attackerkb.com/topics/cve-2024-38564
• CVE - 2024-38564
• EulerOS-SA-2024-2207