7.8

CVE-2024-36974

EPSS 0.02%
Veröffentlicht 18.06.2024 20:15:13
Zuletzt bearbeitet 12.05.2026 12:16:51
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP

In the Linux kernel, the following vulnerability has been resolved:

net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP

If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided,
taprio_parse_mqprio_opt() must validate it, or userspace
can inject arbitrary data to the kernel, the second time
taprio_change() is called.

First call (with valid attributes) sets dev->num_tc
to a non zero value.

Second call (with arbitrary mqprio attributes)
returns early from taprio_parse_mqprio_opt()
and bad things can happen.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 13

NVD 8 VulnDex Vulnerability Enrichment 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.2 < 5.4.279

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.221

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.162

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.95

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.35

Linux ≫ Linux Kernel Version >= 6.7 < 6.9.6

Linux ≫ Linux Kernel Version6.10 Updaterc1

Linux ≫ Linux Kernel Version6.10 Updaterc2

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.064

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/0bf6cc96612bd396048f57d63f1ad454a846e39c

Patch

https://git.kernel.org/stable/c/6db4af09987cc5d5f0136bd46148b0e0460dae5b

Patch

https://git.kernel.org/stable/c/724050ae4b76e4fae05a923cb54101d792cf4404

Patch

https://git.kernel.org/stable/c/c37a27a35eadb59286c9092c49c241270c802ae2

Patch

https://git.kernel.org/stable/c/c6041e7124464ce7e896ee3f912897ce88a0c4ec

Patch

https://git.kernel.org/stable/c/d3dde4c217f0c31ab0621912e682b57e677dd923

Patch

https://git.kernel.org/stable/c/f921a58ae20852d188f70842431ce6519c4fdc36

Patch

https://cert-portal.siemens.com/productcert/html/ssa-265688.html

https://cert-portal.siemens.com/productcert/html/ssa-355557.html

https://cert-portal.siemens.com/productcert/html/ssa-613116.html

https://nvd.nist.gov/vuln/detail/CVE-2024-36974

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-36974

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-36974

EUVD