5.5
CVE-2024-36244
- EPSS 0.01%
- Veröffentlicht 21.06.2024 11:15:09
- Zuletzt bearbeitet 01.10.2025 13:58:15
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- Teams Watchlist Login
- Unerledigt Login
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: extend minimum interval restriction to entire cycle too It is possible for syzbot to side-step the restriction imposed by the blamed commit in the Fixes: tag, because the taprio UAPI permits a cycle-time different from (and potentially shorter than) the sum of entry intervals. We need one more restriction, which is that the cycle time itself must be larger than N * ETH_ZLEN bit times, where N is the number of schedule entries. This restriction needs to apply regardless of whether the cycle time came from the user or was the implicit, auto-calculated value, so we move the existing "cycle == 0" check outside the "if "(!new->cycle_time)" branch. This way covers both conditions and scenarios. Add a selftest which illustrates the issue triggered by syzbot.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.4.68 < 5.5
Linux ≫ Linux Kernel Version >= 5.8.12 < 5.9
Linux ≫ Linux Kernel Version >= 5.9.1 < 6.1.119
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.33
Linux ≫ Linux Kernel Version >= 6.7 < 6.9.4
Linux ≫ Linux Kernel Version5.9 Update-
Linux ≫ Linux Kernel Version5.9 Updaterc7
Linux ≫ Linux Kernel Version5.9 Updaterc8
Linux ≫ Linux Kernel Version6.10 Updaterc1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.016 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|