CVE-2024-38566

MEDIUM

Linux Kernel 6.4-6.6.32, 6.7-6.8.11, 6.9-6.9.2 - Use-After-Free in BPF Verifier Socket Handling

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-38566. PoCs published by fabrizioperna.

AI-analyzed exploit summary This repository contains functional eBPF exploit PoCs for multiple CVEs, including CVE-2024-38566. The PoC for CVE-2024-38566 includes BPF bytecode and a server component, demonstrating a kernel vulnerability in the eBPF verifier.

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix verifier assumptions about socket->sk The verifier assumes that 'sk' field in 'struct socket' is valid and non-NULL when 'socket' pointer itself is trusted and non-NULL. That may not be the case when socket was just created and passed to LSM socket_accept hook. Fix this verifier assumption and adjust tests.

Exploits (1)

github WORKING POC

by fabrizioperna · cpoc

https://github.com/fabrizioperna/ebpf-verifier-cve-pocs/tree/main/CVE-2024-38566

View Code ZIP pw:eip

This repository contains functional eBPF exploit PoCs for multiple CVEs, including CVE-2024-38566. The PoC for CVE-2024-38566 includes BPF bytecode and a server component, demonstrating a kernel vulnerability in the eBPF verifier.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Linux Kernel (eBPF verifier)

No auth needed

Prerequisites: Linux kernel with vulnerable eBPF verifier · ability to load eBPF programs

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548 - Abuse Elevation Control Mechanism

devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/39f8a29330f433000e716eefc4b9abda05b71a82

Patch

https://git.kernel.org/stable/c/6f5ae91172a93abac9720ba94edf3ec8f4d7f24f

Patch

https://git.kernel.org/stable/c/c58ccdd2483a1d990748cdaf94206b5d5986a001

Patch

https://git.kernel.org/stable/c/0db63c0b86e981a1e97d2596d64ceceba1a5470e

Scores

CVSS v3 5.5

EPSS 0.0002

EPSS Percentile 4.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

Status published

Products (14)

linux/Kernel 6.4.0 - 6.6.33linux

linux/Kernel 6.7.0 - 6.8.12linux

linux/Kernel 6.9.0 - 6.9.3linux

Linux/Linux < 6.4

Linux/Linux 6.10

Linux/Linux 6.4

Linux/Linux 6.6.33 - 6.6.*

Linux/Linux 6.8.12 - 6.8.*

Linux/Linux 6.9.3 - 6.9.*

Linux/Linux 6fcd486b3a0a628c41f12b3a7329a18a2c74b351 - 0db63c0b86e981a1e97d2596d64ceceba1a5470e

... and 4 more

Published Jun 19, 2024

Tracked Since Feb 18, 2026