CVE-2024-53164

net: sched: fix ordering of qlen adjustment

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen
_before_ a call to said function because otherwise it may fail to notify
parent qdiscs when the child is about to become empty.

In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.

Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux kernel did not properly handle locking for rings with IOPOLL, leading to a double-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-11-19 CVE Reserved
2024-12-27 CVE Published
2025-01-20 CVE Updated
2025-03-19 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (7)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/44782565e1e6174c94bddfa72ac7267cd09c1648	2025-01-09
https://git.kernel.org/stable/c/5e473f462a16f1a34e49ea4289a667d2e4f35b52	2025-01-09
https://git.kernel.org/stable/c/33db36b3c53d0fda2699ea39ba72bee4de8336e8	2025-01-09
https://git.kernel.org/stable/c/489422e2befff88a1de52b2acebe7b333bded025	2024-12-27
https://git.kernel.org/stable/c/97e13434b5da8e91bdf965352fad2141d13d72d3	2024-12-27
https://git.kernel.org/stable/c/e3e54ad9eff8bdaa70f897e5342e34b76109497f	2024-12-27
https://git.kernel.org/stable/c/5eb7de8cd58e73851cd37ff8d0666517d9926948	2024-12-04

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.4.289 Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.289"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.10.233 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.233"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.15.176 Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.176"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.1.122 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.122"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.6.68 Search vendor "Linux" for product "Linux Kernel" and version " < 6.6.68"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.12.7 Search vendor "Linux" for product "Linux Kernel" and version " < 6.12.7"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.13 Search vendor "Linux" for product "Linux Kernel" and version " < 6.13"		en		Affected