PT-2024-28072 · Linux+8 · Linux Kernel+8

Published: 2024-04-30 · Updated: 2026-05-26 · CVE-2024-38564

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.37

Description

In the Linux kernel, a vulnerability has been resolved by adding BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE. The bpf_prog_attach function uses attach_type_to_prog_type to enforce the proper attach type for BPF_PROG_TYPE_CGROUP_SKB, while link_create uses bpf_prog_get and relies on bpf_prog_attach_check_attach_type to verify the association between prog type and attach type. Without this enforcement, it was possible to attach cgroup_skb prog types to other cgroup hooks.

Recommendations

To resolve the issue, update the Linux kernel to version 6.6.37 or later. As a temporary workaround, consider restricting the use of BPF_PROG_TYPE_CGROUP_SKB until the update is applied.

Exploit

Fix

Weakness Enumeration

Improper Initialization

Related Identifiers

ALSA-2024:10281
ALSA-2024:10282
ALSA-2024:11486
ALSA-2024_11486
ALSA-2025_16880
AZL-68606
BDU:2026-03638
CESA-2024_10281
CESA-2024_10282
CVE-2024-38564
ECHO-F808-3B01-4FB6
INFSA-2024_10281
INFSA-2024_10282
INFSA-2024_11486
MGASA-2024-0263
MGASA-2024-0266
OESA-2024-1792
OESA-2024-1796
OESA-2024-1836
OPENSUSE-SU-2024_2372-1
OPENSUSE-SU-2024_2394-1
RHSA-2024:10262
RHSA-2024:10281
RHSA-2024:10282
RHSA-2024:10945
RHSA-2024:10946
RHSA-2024:11486
RHSA-2024:6297
RHSA-2024:9546
RHSA-2024_10281
RHSA-2024_10282
RHSA-2024_11486
RLSA-2024:10281
RLSA-2024:10282
SUSE-SU-2024:2372-1
SUSE-SU-2024:2385-1
SUSE-SU-2024:2394-1
SUSE-SU-2024:2495-1
SUSE-SU-2024:2571-1
SUSE-SU-2024:2896-1
SUSE-SU-2024:2939-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
USN-6949-1
USN-6949-2
USN-6952-1
USN-6952-2
USN-6955-1

Affected Products

Almalinux
Centos
Debian
Linuxmint
Linux Kernel
Red Hat
Rocky Linux
Suse
Ubuntu