What is CVE-2024-38564?

CVE-2024-38564 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10. CVE-2024-38564 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2024-38564?

CVE-2024-38564 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2024-38564?

No patch is currently available for CVE-2024-38564. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2024-38564 actively exploited?

CVE-2024-38564 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2024-38564

Medium

In the Linux kernel, the following vulnerability has been resolved: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE bpf_prog_attach uses attach_type_to_prog_type to enforce proper attach type for BPF_PROG_TYPE_CGROUP_SKB. link_create uses bpf_prog_get and relies on bpf_prog_attach_check_attach_type to properly verify prog_type <> attach_type association. Add missing attach_type enforcement for the link_create case. Otherwise, it's currently possible to attach cgroup_skb prog types to other cgroup hooks.

Package Linux Kernel

Published 2024-06-19

Last modified 2025-10-20

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

The following references provide additional information about CVE-2024-38564 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/543576ec15b17c0c93301ac8297333c7b6e84ac7
Patch
Kernel patch commit
https://git.kernel.org/stable/c/6675c541f540a29487a802d3135280b69b9f568d
Patch
Kernel patch commit
https://git.kernel.org/stable/c/67929e973f5a347f05fef064fea4ae79e7cdb5fd
Patch

4 patch commits total View all on NVD

Details

CVE ID CVE-2024-38564

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2024-06-19

Modified 2025-10-20

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2024-38564?

CVE-2024-38564 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . CVE-2024-38564 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2024-38564?

CVE-2024-38564 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2024-38564?

No patch is currently available for CVE-2024-38564. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2024-38564 actively exploited?

No — CVE-2024-38564 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.