7.8

CVE-2024-36978

net: sched: sch_multiq: fix possible OOB write in multiq_tune()

In the Linux kernel, the following vulnerability has been resolved:

net: sched: sch_multiq: fix possible OOB write in multiq_tune()

q->bands will be assigned to qopt->bands to execute subsequent code logic
after kmalloc. So the old q->bands should not be used in kmalloc.
Otherwise, an out-of-bounds write will occur.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.4 < 5.4.279
LinuxLinux Kernel Version >= 5.5 < 5.10.221
LinuxLinux Kernel Version >= 5.11 < 5.15.162
LinuxLinux Kernel Version >= 5.16 < 6.1.95
LinuxLinux Kernel Version >= 6.2 < 6.6.35
LinuxLinux Kernel Version >= 6.7 < 6.9.6
LinuxLinux Kernel Version6.10 Updaterc1
LinuxLinux Kernel Version6.10 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.28% 0.199
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/0f208fad86631e005754606c3ec80c0d44a11882
Patch
https://git.kernel.org/stable/c/52b1aa07cda6a199cd6754d3798c7759023bc70f
Patch
https://git.kernel.org/stable/c/54c2c171c11a798fe887b3ff72922aa9d1411c1e
Patch
https://git.kernel.org/stable/c/598572c64287aee0b75bbba4e2881496878860f3
Patch
https://git.kernel.org/stable/c/affc18fdc694190ca7575b9a86632a73b9fe043d
Patch
https://git.kernel.org/stable/c/d5d9d241786f49ae7cbc08e7fc95a115e9d80f3d
Patch
https://git.kernel.org/stable/c/d6fb5110e8722bc00748f22caeb650fe4672f129
Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
https://cert-portal.siemens.com/productcert/html/ssa-355557.html
https://cert-portal.siemens.com/productcert/html/ssa-613116.html