CVE-2024-38662: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-38662 is a vulnerability in the Linux kernel that was discovered and disclosed on June 21, 2024. The vulnerability affects the BPF (Berkeley Packet Filter) subsystem, specifically involving a locking rule violation when a BPF program attached to a tracepoint performs a map_delete operation on sockmap/sockhash. The issue impacts multiple versions of the Linux kernel, including versions 5.10 through 5.10.219, 5.15 through 5.15.161, 6.1 through 6.1.93, 6.6 through 6.6.33, and 6.9 through 6.9.4 (NVD).

The vulnerability occurs when a BPF program attached to a tracepoint attempts to perform a map_delete operation on sockmap/sockhash, triggering a locking rule violation. The issue stems from an artificial use scenario that was not intended to be supported. The CVSS v3.1 base score for this vulnerability is 4.7 (Medium), with a vector string of CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N, indicating local access required, high attack complexity, low privileges required, no user interaction needed, and potential impact on integrity (NVD).

The vulnerability could potentially lead to integrity violations in the Linux kernel's BPF subsystem. While the confidentiality and availability of the system are not directly impacted, the vulnerability could allow an attacker with local access to manipulate the kernel's BPF program behavior in ways that were not intended (NVD).

The vulnerability has been patched by extending the existing verifier allowed-program-type check for updating sockmap/sockhash to also cover deleting from a map. The fix ensures that only BPF programs previously allowed to update sockmap/sockhash can delete from these map types. Multiple Linux distributions have released updates to address this vulnerability, including Ubuntu which has fixed the issue in versions 24.04 LTS (noble) and 22.04 LTS (jammy) (Kernel Patch).