{"id":"CVE-2024-38662","summary":"bpf: Allow delete from sockmap/sockhash only if update is allowed","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Allow delete from sockmap/sockhash only if update is allowed\n\nWe have seen an influx of syzkaller reports where a BPF program attached to\na tracepoint triggers a locking rule violation by performing a map_delete\non a sockmap/sockhash.\n\nWe don't intend to support this artificial use scenario. Extend the\nexisting verifier allowed-program-type check for updating sockmap/sockhash\nto also cover deleting from a map.\n\nFrom now on only BPF programs which were previously allowed to update\nsockmap/sockhash can delete from these map types.","modified":"2026-05-07T04:18:35.031033Z","published":"2024-06-21T11:15:12.202Z","related":["SUSE-SU-2024:3189-1","SUSE-SU-2024:3190-1","SUSE-SU-2024:3194-1","SUSE-SU-2024:3195-1","SUSE-SU-2024:3209-1","SUSE-SU-2024:3251-1","SUSE-SU-2024:3252-1","SUSE-SU-2024:3383-1","SUSE-SU-2024:3483-1","SUSE-SU-2025:20044-1","SUSE-SU-2025:20047-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/38xxx/CVE-2024-38662.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/000a65bf1dc04fb2b65e2abf116f0bc0fc2ee7b1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/11e8ecc5b86037fec43d07b1c162e233e131b1d9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/29467edc23818dc5a33042ffb4920b49b090e63d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6693b172f008846811f48a099f33effc26068e1e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/98e948fb60d41447fd8d2d0c3b8637fc6b6dc26d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b81e1c5a3c70398cf76631ede63a03616ed1ba3c"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/38xxx/CVE-2024-38662.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38662"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"dd54b48db0c822ae7b520bc80751f0a0a173ef75"},{"fixed":"29467edc23818dc5a33042ffb4920b49b090e63d"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"d1e73fb19a4c872d7a399ad3c66e8ca30e0875ec"},{"fixed":"11e8ecc5b86037fec43d07b1c162e233e131b1d9"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"a44770fed86515eedb5a7c00b787f847ebb134a5"},{"fixed":"6693b172f008846811f48a099f33effc26068e1e"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"668b3074aa14829e2ac2759799537a93b60fef86"},{"fixed":"000a65bf1dc04fb2b65e2abf116f0bc0fc2ee7b1"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"ff91059932401894e6c86341915615c5eb0eca48"},{"fixed":"b81e1c5a3c70398cf76631ede63a03616ed1ba3c"},{"fixed":"98e948fb60d41447fd8d2d0c3b8637fc6b6dc26d"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"f7990498b05ac41f7d6a190dc0418ef1d21bf058"},{"last_affected":"6af057ccdd8e7619960aca1f0428339f213b31cd"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-38662.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.219"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.161"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.93"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.33"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.9.4"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-38662.json"}}],"schema_version":"1.7.5"}