CVE-2024-36978

net: sched: sch_multiq: fix possible OOB write in multiq_tune()

Severity Score

7.0

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: net: sched: sch_multiq: fix possible OOB write in multiq_tune() q->bands will be assigned to qopt->bands to execute subsequent code logic
after kmalloc. So the old q->bands should not be used in kmalloc.
Otherwise, an out-of-bounds write will occur.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: sched: sch_multiq: corrige posible escritura OOB en multiq_tune() q->bands se asignarán a qopt->bands para ejecutar la lógica de código posterior después de kmalloc. Por lo tanto, las antiguas q->bands no deberían usarse en kmalloc. De lo contrario, se producirá una escritura fuera de los límites.

An out-of-bounds write flaw was found in the Linux kernel's multiq qdisc functionality. This vulnerability allows a local user to crash or potentially escalate their privileges on the system.

In the Linux kernel, the following vulnerability has been resolved: net: sched: sch_multiq: fix possible OOB write in multiq_tune() q->bands will be assigned to qopt->bands to execute subsequent code logic after kmalloc. So the old q->bands should not be used in kmalloc. Otherwise, an out-of-bounds write will occur.

Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-05-30 CVE Reserved
2024-06-19 CVE Published
2024-12-19 CVE Updated
2025-03-18 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-787: Out-of-bounds Write

CAPEC

References (10)

URL	Tag	Source
https://git.kernel.org/stable/c/c2999f7fb05b87da4060e38150c70fa46794d82b	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/d5d9d241786f49ae7cbc08e7fc95a115e9d80f3d	2024-07-05
https://git.kernel.org/stable/c/52b1aa07cda6a199cd6754d3798c7759023bc70f	2024-07-05
https://git.kernel.org/stable/c/598572c64287aee0b75bbba4e2881496878860f3	2024-07-05
https://git.kernel.org/stable/c/0f208fad86631e005754606c3ec80c0d44a11882	2024-06-21
https://git.kernel.org/stable/c/54c2c171c11a798fe887b3ff72922aa9d1411c1e	2024-06-21
https://git.kernel.org/stable/c/d6fb5110e8722bc00748f22caeb650fe4672f129	2024-06-21
https://git.kernel.org/stable/c/affc18fdc694190ca7575b9a86632a73b9fe043d	2024-06-05

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-36978	2024-10-16
https://bugzilla.redhat.com/show_bug.cgi?id=2293078	2024-10-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4 < 5.4.279 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 5.4.279"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4 < 5.10.221 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 5.10.221"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4 < 5.15.162 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 5.15.162"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4 < 6.1.95 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 6.1.95"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4 < 6.6.35 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 6.6.35"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4 < 6.9.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 6.9.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 6.10"		en		Affected