{
  "threat_severity" : "Moderate",
  "public_date" : "2024-10-21T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: bpf, lsm: Add check for BPF LSM return value",
    "id" : "2320249",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2320249"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-681",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nbpf, lsm: Add check for BPF LSM return value\nA bpf prog returning a positive number attached to file_alloc_security\nhook makes kernel panic.\nThis happens because file system can not filter out the positive number\nreturned by the LSM prog using IS_ERR, and misinterprets this positive\nnumber as a file pointer.\nGiven that hook file_alloc_security never returned positive number\nbefore the introduction of BPF LSM, and other BPF LSM hooks may\nencounter similar issues, this patch adds LSM return value check\nin verifier, to ensure no unexpected value is returned." ],
  "statement" : "The default Red Hat Enterprise Linux kernel prevents unprivileged users from being able to use eBPF by the kernel.unprivileged_bpf_disabled sysctl. This would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its attack space.\nFor the Red Hat Enterprise Linux 9 to confirm the current state, inspect the sysctl with the command:\ncat /proc/sys/kernel/unprivileged_bpf_disabled\nThe setting of 1 would mean that unprivileged users can not use eBPF, mitigating the flaw.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-05-13T00:00:00Z",
    "advisory" : "RHSA-2025:6966",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-570.12.1.el9_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-05-13T00:00:00Z",
    "advisory" : "RHSA-2025:6966",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-570.12.1.el9_6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Will not fix",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-47703\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-47703\nhttps://lore.kernel.org/linux-cve-announce/2024102115-CVE-2024-47703-36ea@gregkh/T" ],
  "name" : "CVE-2024-47703",
  "csaw" : false
}