ByteOS Network

CVE Vulnerability Details :

CVE-2024-36978

PUBLISHED

More Info Official Page

Assigner-Linux

Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67

Published At-19 Jun, 2024 | 06:20

Updated At-04 May, 2025 | 09:13

▼CVE Numbering Authority (CNA)

net: sched: sch_multiq: fix possible OOB write in multiq_tune()

In the Linux kernel, the following vulnerability has been resolved: net: sched: sch_multiq: fix possible OOB write in multiq_tune() q->bands will be assigned to qopt->bands to execute subsequent code logic after kmalloc. So the old q->bands should not be used in kmalloc. Otherwise, an out-of-bounds write will occur.

Affected Products

Vendor

Linux Kernel Organization, Inc

Product

Linux

Repo

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Program Files

net/sched/sch_multiq.c

Default Status

unaffected

Versions

Affected

From c2999f7fb05b87da4060e38150c70fa46794d82b before d5d9d241786f49ae7cbc08e7fc95a115e9d80f3d (git)
From c2999f7fb05b87da4060e38150c70fa46794d82b before 52b1aa07cda6a199cd6754d3798c7759023bc70f (git)
From c2999f7fb05b87da4060e38150c70fa46794d82b before 598572c64287aee0b75bbba4e2881496878860f3 (git)
From c2999f7fb05b87da4060e38150c70fa46794d82b before 0f208fad86631e005754606c3ec80c0d44a11882 (git)
From c2999f7fb05b87da4060e38150c70fa46794d82b before 54c2c171c11a798fe887b3ff72922aa9d1411c1e (git)
From c2999f7fb05b87da4060e38150c70fa46794d82b before d6fb5110e8722bc00748f22caeb650fe4672f129 (git)
From c2999f7fb05b87da4060e38150c70fa46794d82b before affc18fdc694190ca7575b9a86632a73b9fe043d (git)

Vendor

Linux Kernel Organization, Inc

Product

Linux

Repo

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Program Files

net/sched/sch_multiq.c

Default Status

affected

Versions

Affected

Unaffected

From 0 before 5.4 (semver)
From 5.4.279 through 5.4.* (semver)
From 5.10.221 through 5.10.* (semver)
From 5.15.162 through 5.15.* (semver)
From 6.1.95 through 6.1.* (semver)
From 6.6.35 through 6.6.* (semver)
From 6.9.6 through 6.9.* (semver)
From 6.10 through * (original_commit_for_fix)

References

Hyperlink	Resource
https://git.kernel.org/stable/c/d5d9d241786f49ae7cbc08e7fc95a115e9d80f3d	N/A
https://git.kernel.org/stable/c/52b1aa07cda6a199cd6754d3798c7759023bc70f	N/A
https://git.kernel.org/stable/c/598572c64287aee0b75bbba4e2881496878860f3	N/A
https://git.kernel.org/stable/c/0f208fad86631e005754606c3ec80c0d44a11882	N/A
https://git.kernel.org/stable/c/54c2c171c11a798fe887b3ff72922aa9d1411c1e	N/A
https://git.kernel.org/stable/c/d6fb5110e8722bc00748f22caeb650fe4672f129	N/A
https://git.kernel.org/stable/c/affc18fdc694190ca7575b9a86632a73b9fe043d	N/A

▼Authorized Data Publishers (ADP)

1. CISA ADP Vulnrichment

Metrics Other Info

2. CVE Program Container

References

Hyperlink	Resource
https://git.kernel.org/stable/c/d5d9d241786f49ae7cbc08e7fc95a115e9d80f3d	x_transferred
https://git.kernel.org/stable/c/52b1aa07cda6a199cd6754d3798c7759023bc70f	x_transferred
https://git.kernel.org/stable/c/598572c64287aee0b75bbba4e2881496878860f3	x_transferred
https://git.kernel.org/stable/c/0f208fad86631e005754606c3ec80c0d44a11882	x_transferred
https://git.kernel.org/stable/c/54c2c171c11a798fe887b3ff72922aa9d1411c1e	x_transferred
https://git.kernel.org/stable/c/d6fb5110e8722bc00748f22caeb650fe4672f129	x_transferred
https://git.kernel.org/stable/c/affc18fdc694190ca7575b9a86632a73b9fe043d	x_transferred

Affected Products

Affected

Affected

Unaffected

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References