VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-xb48-p8sf-sbfd

Essentials
Severities (7)
References (22)
Severity details (6)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-xb48-p8sf-sbfd
Aliases	CVE-2024-38564
Summary	In the Linux kernel, the following vulnerability has been resolved: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE bpf_prog_attach uses attach_type_to_prog_type to enforce proper attach type for BPF_PROG_TYPE_CGROUP_SKB. link_create uses bpf_prog_get and relies on bpf_prog_attach_check_attach_type to properly verify prog_type <> attach_type association. Add missing attach_type enforcement for the link_create case. Otherwise, it's currently possible to attach cgroup_skb prog types to other cgroup hooks.
Status	Published
Exploitability	0.5
Weighted Severity	4.0
Risk	2.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-665

Improper Initialization

System	Score	Found at
cvssv3	4.4	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38564.json
epss	9e-05	https://api.first.org/data/v1/epss?cve=CVE-2024-38564
cvssv3.1	6	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc	Track	https://git.kernel.org/stable/c/543576ec15b17c0c93301ac8297333c7b6e84ac7
ssvc	Track	https://git.kernel.org/stable/c/6675c541f540a29487a802d3135280b69b9f568d
ssvc	Track	https://git.kernel.org/stable/c/67929e973f5a347f05fef064fea4ae79e7cdb5fd
ssvc	Track	https://git.kernel.org/stable/c/b34bbc76651065a5eafad8ddff1eb8d1f8473172

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38564.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-38564
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38564
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2293429		https://bugzilla.redhat.com/show_bug.cgi?id=2293429
543576ec15b17c0c93301ac8297333c7b6e84ac7		https://git.kernel.org/stable/c/543576ec15b17c0c93301ac8297333c7b6e84ac7
6675c541f540a29487a802d3135280b69b9f568d		https://git.kernel.org/stable/c/6675c541f540a29487a802d3135280b69b9f568d
67929e973f5a347f05fef064fea4ae79e7cdb5fd		https://git.kernel.org/stable/c/67929e973f5a347f05fef064fea4ae79e7cdb5fd
b34bbc76651065a5eafad8ddff1eb8d1f8473172		https://git.kernel.org/stable/c/b34bbc76651065a5eafad8ddff1eb8d1f8473172
RHSA-2024:10262		https://access.redhat.com/errata/RHSA-2024:10262
RHSA-2024:10281		https://access.redhat.com/errata/RHSA-2024:10281
RHSA-2024:10282		https://access.redhat.com/errata/RHSA-2024:10282
RHSA-2024:10945		https://access.redhat.com/errata/RHSA-2024:10945
RHSA-2024:10946		https://access.redhat.com/errata/RHSA-2024:10946
RHSA-2024:11486		https://access.redhat.com/errata/RHSA-2024:11486
RHSA-2024:6297		https://access.redhat.com/errata/RHSA-2024:6297
RHSA-2024:9546		https://access.redhat.com/errata/RHSA-2024:9546
USN-6949-1		https://usn.ubuntu.com/6949-1/
USN-6949-2		https://usn.ubuntu.com/6949-2/
USN-6952-1		https://usn.ubuntu.com/6952-1/
USN-6952-2		https://usn.ubuntu.com/6952-2/
USN-6955-1		https://usn.ubuntu.com/6955-1/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38564.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T14:57:28Z/ Found at https://git.kernel.org/stable/c/543576ec15b17c0c93301ac8297333c7b6e84ac7

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T14:57:28Z/ Found at https://git.kernel.org/stable/c/6675c541f540a29487a802d3135280b69b9f568d

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T14:57:28Z/ Found at https://git.kernel.org/stable/c/67929e973f5a347f05fef064fea4ae79e7cdb5fd

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T14:57:28Z/ Found at https://git.kernel.org/stable/c/b34bbc76651065a5eafad8ddff1eb8d1f8473172

Exploit Prediction Scoring System (EPSS)

Percentile	0.00979
EPSS Score	9e-05
Published At	June 6, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-04T16:50:51.732806+00:00	Debian Importer	Import	https://security-tracker.debian.org/tracker/data/json	38.6.0