{"vulnerability": "CVE-2024-3174", "sightings": [{"uuid": "dcf5f954-a074-4810-96bd-3485fc6a4a81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3174", "type": "seen", "source": "https://t.me/cvedetector/1029", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-3174 - \"Google Chrome V8 Object Corruption Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-3174 \nPublished : July 16, 2024, 11:15 p.m. | 44\u00a0minutes ago \nDescription : Inappropriate implementation in V8 in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-17T02:19:54.000000Z"}, {"uuid": "818f9add-ba92-4c94-aceb-46408095f806", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3174", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8208", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-3174\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Inappropriate implementation in V8 in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)\n\ud83d\udccf Published: 2024-07-16T22:14:03.618Z\n\ud83d\udccf Modified: 2025-03-20T14:40:52.636Z\n\ud83d\udd17 References:\n1. https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html\n2. https://issues.chromium.org/issues/40073339", "creation_timestamp": "2025-03-20T15:18:20.000000Z"}, {"uuid": "7632986e-7a68-4f87-8766-c08cd7c58a51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3174", "type": "seen", "source": "https://gist.github.com/adegoodyer/4ac687c6d25980f02401cab22a2f9f9e", "content": "# Copy Fail Blocker\n- [Copy Fail Blocker](#copy-fail-blocker)\n  - [Overview](#overview)\n  - [Issue](#issue)\n  - [Resources](#resources)\n  - [Check Vulnerability](#check-vulnerability)\n  - [Deploy Copy Fail Blocker Viability](#deploy-copy-fail-blocker-viability)\n  - [Deploy Copy Fail Blocker](#deploy-copy-fail-blocker)\n  - [Remove Copy Fail Blocker](#remove-copy-fail-blocker)\n\n## Overview\n- BPF-LSM mitigation for the copy fail vulnerability (CVE-2024-3174) in the Linux kernel\n- DaemonSet attaches single BPF-LSM program to the socket_create hook on every node\n- [GitHub: copy-fail-blocker](https://github.com/cozystack/copy-fail-blocker)\n\n## Issue\n- AWS haven't yet release an AMI that includes an upstream fix\n- upgrading to latest AMI version still has container version `kernel6.12-6.12.79-101.147.amzn2023` which is still vulnerable\n\n## Resources\n- [AWS Containers Roadmap](https://github.com/aws/containers-roadmap/issues/2808)\n- [ALSC Status updates](https://explore.alas.aws.amazon.com/CVE-2026-31431.html)\n\n## Check Vulnerability\n```bash\n# ssh into any EKS node\n\n# check for copy fail vulnerability\npython3 -c '\nimport socket\ntry:\n    socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0)\n    print(\"FAIL: AF_ALG socket created - not protected\")\nexcept OSError as e:\n    print(\"OK:\", e)'\n\n# FAIL: AF_ALG socket created - not protected\n```\n\n## Deploy Copy Fail Blocker Viability\n```bash\n# check what BPF LSM is compiled in\ngrep CONFIG_BPF_LSM /boot/config-$(uname -r)\n# CONFIG_BPF_LSM=y\n\n# check bpf is in active LSM stack\ncat /sys/kernel/security/lsm\n# lockdown,capability,landlock,yama,safesetid,selinux,bpf,ima\n```\n\n## Deploy Copy Fail Blocker\n```bash\n# deploy copy fail blocker\nk  apply -f https://raw.githubusercontent.com/cozystack/copy-fail-blocker/v0.2.1/manifests/copy-fail-blocker.yaml\n\n# verify rollout\nk -n kube-system rollout status daemonset/copy-fail-blocker\n\n# verify copy fail is blocked\npython3 -c '\nimport socket\ntry:\n    socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0)\n    print(\"FAIL: AF_ALG socket created - not protected\")\nexcept OSError as e:\n    print(\"OK:\", e)'\n\n# OK: [Errno 1] Operation not permitted\n```\n\n## Remove Copy Fail Blocker\n- remove once an AMI has been released with fix\n\n```bash\n# remove copy fail blocker\nk delete -f https://raw.githubusercontent.com/cozystack/copy-fail-blocker/v0.2.1/manifests/copy-fail-blocker.yaml\n```\n", "creation_timestamp": "2026-05-06T10:35:54.000000Z"}, {"uuid": "66b72f44-7d8f-4715-85b5-b8903ab55c3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3174", "type": "seen", "source": "https://gist.github.com/jpf-okteto/f82ba1e8aa47320b48288aa30a6192a9", "content": "# Copy Fail Blocker\n- [Copy Fail Blocker](#copy-fail-blocker)\n  - [Overview](#overview)\n  - [Issue](#issue)\n  - [Resources](#resources)\n  - [Check Vulnerability](#check-vulnerability)\n  - [Deploy Copy Fail Blocker Viability](#deploy-copy-fail-blocker-viability)\n  - [Deploy Copy Fail Blocker](#deploy-copy-fail-blocker)\n  - [Remove Copy Fail Blocker](#remove-copy-fail-blocker)\n\n## Overview\n- BPF-LSM mitigation for the copy fail vulnerability (CVE-2024-3174) in the Linux kernel\n- DaemonSet attaches single BPF-LSM program to the socket_create hook on every node\n- [GitHub: copy-fail-blocker](https://github.com/cozystack/copy-fail-blocker)\n\n## Issue\n- AWS haven't yet release an AMI that includes an upstream fix\n- upgrading to latest AMI version still has container version `kernel6.12-6.12.79-101.147.amzn2023` which is still vulnerable\n\n## Resources\n- [AWS Containers Roadmap](https://github.com/aws/containers-roadmap/issues/2808)\n- [ALSC Status updates](https://explore.alas.aws.amazon.com/CVE-2026-31431.html)\n\n## Check Vulnerability\n```bash\n# ssh into any EKS node\n\n# check for copy fail vulnerability\npython3 -c '\nimport socket\ntry:\n    socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0)\n    print(\"FAIL: AF_ALG socket created - not protected\")\nexcept OSError as e:\n    print(\"OK:\", e)'\n\n# FAIL: AF_ALG socket created - not protected\n```\n\n## Deploy Copy Fail Blocker Viability\n```bash\n# check what BPF LSM is compiled in\ngrep CONFIG_BPF_LSM /boot/config-$(uname -r)\n# CONFIG_BPF_LSM=y\n\n# check bpf is in active LSM stack\ncat /sys/kernel/security/lsm\n# lockdown,capability,landlock,yama,safesetid,selinux,bpf,ima\n```\n\n## Deploy Copy Fail Blocker\n```bash\n# deploy copy fail blocker\nk  apply -f https://raw.githubusercontent.com/cozystack/copy-fail-blocker/v0.2.1/manifests/copy-fail-blocker.yaml\n\n# verify rollout\nk -n kube-system rollout status daemonset/copy-fail-blocker\n\n# verify copy fail is blocked\npython3 -c '\nimport socket\ntry:\n    socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0)\n    print(\"FAIL: AF_ALG socket created - not protected\")\nexcept OSError as e:\n    print(\"OK:\", e)'\n\n# OK: [Errno 1] Operation not permitted\n```\n\n## Remove Copy Fail Blocker\n- remove once an AMI has been released with fix\n\n```bash\n# remove copy fail blocker\nk delete -f https://raw.githubusercontent.com/cozystack/copy-fail-blocker/v0.2.1/manifests/copy-fail-blocker.yaml\n```\n", "creation_timestamp": "2026-05-06T11:19:12.000000Z"}]}