CVE-2024-36978

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: sched: sch_multiq: fix possible OOB write in multiq_tune()

q->bands will be assigned to qopt->bands to execute subsequent code logic after kmalloc. So the old q->bands should not be used in kmalloc. Otherwise, an out-of-bounds write will occur.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc2999f7fb05b87da4060e38150c70fa46794d82b < d5d9d241786f49ae7cbc08e7fc95a115e9d80f3daffected
LinuxLinuxc2999f7fb05b87da4060e38150c70fa46794d82b < 52b1aa07cda6a199cd6754d3798c7759023bc70faffected
LinuxLinuxc2999f7fb05b87da4060e38150c70fa46794d82b < 598572c64287aee0b75bbba4e2881496878860f3affected
LinuxLinuxc2999f7fb05b87da4060e38150c70fa46794d82b < 0f208fad86631e005754606c3ec80c0d44a11882affected
LinuxLinuxc2999f7fb05b87da4060e38150c70fa46794d82b < 54c2c171c11a798fe887b3ff72922aa9d1411c1eaffected
LinuxLinuxc2999f7fb05b87da4060e38150c70fa46794d82b < d6fb5110e8722bc00748f22caeb650fe4672f129affected
LinuxLinuxc2999f7fb05b87da4060e38150c70fa46794d82b < affc18fdc694190ca7575b9a86632a73b9fe043daffected
LinuxLinux5.4affected
LinuxLinux0 < 5.4unaffected
LinuxLinux5.4.279 <= 5.4.*unaffected
LinuxLinux5.10.221 <= 5.10.*unaffected
LinuxLinux5.15.162 <= 5.15.*unaffected
LinuxLinux6.1.95 <= 6.1.*unaffected
LinuxLinux6.6.35 <= 6.6.*unaffected
LinuxLinux6.9.6 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

Additional References

References