
CVE-2024-45020: Vulnerability in Linux Linux

High
Published: Wed Sep 11 2024 (09/11/2024, 15:13:54 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix a kernel verifier crash in stacksafe()

Daniel Hodges reported a kernel verifier crash when playing with sched-ext. Further investigation shows that the crash is due to invalid memory access in stacksafe(). More specifically, it is the following code:

    if (exact != NOT_EXACT &&
        old->stack[spi].slot_type[i % BPF_REG_SIZE] !=
        cur->stack[spi].slot_type[i % BPF_REG_SIZE])
            return false;

The 'i' iterates old->allocated_stack. If cur->allocated_stack < old->allocated_stack the out-of-bound access will happen.

To fix the issue add 'i >= cur->allocated_stack' check such that if the condition is true, stacksafe() should fail. Otherwise, cur->stack[spi].slot_type[i % BPF_REG_SIZE] memory access is legal.

AI-Powered Analysis

Last updated: 06/28/2025, 23:56:19 UTC

Technical Analysis

CVE-2024-45020 is a vulnerability in the Linux kernel's Berkeley Packet Filter (BPF) subsystem, specifically in the kernel verifier's stacksafe() function. The issue arises from an invalid memory access during verification of BPF programs that use extended scheduling features (sched-ext). The root cause is a missing boundary check in stacksafe(): the loop index 'i' runs up to 'old->allocated_stack', and the code reads 'cur->stack[spi].slot_type' without verifying that 'i' is less than 'cur->allocated_stack'. If 'cur->allocated_stack' is smaller than 'old->allocated_stack', this leads to an out-of-bounds read, causing the kernel verifier to crash.

This crash can potentially be triggered by a crafted BPF program, leading to denial of service (DoS) by crashing the kernel verifier, which is critical for loading and validating BPF programs. The fix adds an 'i >= cur->allocated_stack' check so that stacksafe() fails safely when the condition is true, preventing the out-of-bounds access. Since BPF programs are widely used for network packet filtering, tracing, and security monitoring, this vulnerability could affect any Linux system running vulnerable kernel versions that support BPF and sched-ext features. No known exploits are reported in the wild as of now, and no CVSS score has been assigned yet.
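The missing bounds check and its fix can be reproduced in a simplified user-space model; this is an added example, not kernel source and not part of the original advisory. The structs, the `SLOT` macro, `make_state`, `unpatched_oob_index` and `exact_check_patched` are hypothetical reductions of the verifier state, `BPF_REG_SIZE` is assumed to be 8, and every other part of stacksafe() is omitted.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define BPF_REG_SIZE 8                  /* assumed bytes per stack slot */
#define SLOT(s, i) ((s)->stack[(i) / BPF_REG_SIZE].slot_type[(i) % BPF_REG_SIZE])
enum exact_level { NOT_EXACT, EXACT };  /* reduced model of the verifier's modes */
struct stack_slot { uint8_t slot_type[BPF_REG_SIZE]; };
struct func_state {                     /* only the fields this check touches */
    int allocated_stack;                /* bytes of stack tracked for this state */
    struct stack_slot *stack;           /* allocated_stack / BPF_REG_SIZE slots */
};

/* Constructed sample state: `bytes` of stack, every byte marked `type`. */
static struct func_state make_state(int bytes, uint8_t type)
{
    struct func_state s = { bytes, calloc((size_t)bytes / BPF_REG_SIZE, sizeof(struct stack_slot)) };
    for (int i = 0; s.stack && i < bytes; i++)
        SLOT(&s, i) = type;
    return s;
}

/* First index where the pre-fix comparison would read past cur->stack, else -1. */
static int unpatched_oob_index(const struct func_state *old, const struct func_state *cur, enum exact_level exact)
{
    for (int i = 0; exact != NOT_EXACT && i < old->allocated_stack; i++) {
        if (i >= cur->allocated_stack)
            return i;                   /* pre-fix code indexes cur->stack[spi] here */
        if (SLOT(old, i) != SLOT(cur, i))
            return -1;                  /* mismatch: check returns false before a bad read */
    }
    return -1;
}

/* Patched form: the bounds test short-circuits before cur->stack is indexed. */
static bool exact_check_patched(const struct func_state *old, const struct func_state *cur, enum exact_level exact)
{
    for (int i = 0; i < old->allocated_stack; i++)
        if (exact != NOT_EXACT &&
            (i >= cur->allocated_stack || SLOT(old, i) != SLOT(cur, i)))
            return false;
    return true;
}

int main(void)
{
    struct func_state old = make_state(16, 1), cur = make_state(8, 1);
    printf("pre-fix first out-of-bounds index: %d, patched check passes: %d\n",
           unpatched_oob_index(&old, &cur, EXACT), exact_check_patched(&old, &cur, EXACT));
    return 0;
}
```

With a 16-byte old state and an 8-byte current state, the model reports index 8 as the first byte the pre-fix comparison would read beyond the current state's stack, while the patched check rejects the pair without touching that memory.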

Potential Impact

For European organizations, the impact of CVE-2024-45020 primarily involves potential denial of service conditions on Linux systems that utilize BPF for networking, security, or performance monitoring. Since BPF is integral to many modern Linux distributions and is used extensively in cloud infrastructure, container environments, and network appliances, a successful exploitation could disrupt critical services by crashing the kernel verifier, preventing BPF programs from loading or running correctly. This could degrade network security monitoring, packet filtering, or system tracing capabilities, potentially exposing organizations to further risks. Additionally, if attackers can repeatedly trigger the crash, it may lead to system instability or downtime. While this vulnerability does not directly lead to privilege escalation or code execution, the resulting service disruption could impact availability and operational continuity, which is significant for sectors relying on high availability such as finance, healthcare, and critical infrastructure within Europe.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernels to versions that include the patch for CVE-2024-45020 as soon as vendor patches become available. Until patched, administrators should audit the use of BPF programs, especially those leveraging extended scheduling features (sched-ext), and restrict untrusted users from loading or modifying BPF programs. Implementing strict access controls on who can load BPF programs (e.g., limiting CAP_BPF or CAP_SYS_ADMIN capabilities) reduces the attack surface. Monitoring kernel logs for verifier crashes can provide early detection of attempted exploitation. For environments using containers or orchestration platforms, ensure that container runtimes and orchestration tools are configured to prevent unprivileged BPF program loading. Additionally, applying kernel lockdown features or mandatory access control policies (e.g., SELinux, AppArmor) can help mitigate exploitation risks. Finally, organizations should maintain robust incident response plans to quickly address any service disruptions caused by this vulnerability.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-08-21T05:34:56.683Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9826c4522896dcbe0ef5

Added to database: 5/21/2025, 9:08:54 AM

Last enriched: 6/28/2025, 11:56:19 PM

Last updated: 8/12/2025, 4:06:37 PM
