[SRU][M][PATCH 0/1] CVE-2024-36978
Koichiro Den
koichiro.den at canonical.com
Tue Sep 17 04:56:35 UTC 2024
[Impact]
net: sched: sch_multiq: fix possible OOB write in multiq_tune()
q->bands will be assigned to qopt->bands to execute subsequent code logic
after kmalloc. So the old q->bands should not be used in kmalloc.
Otherwise, an out-of-bounds write will occur.
[Fix]
Noble: fixed via stable
Mantic: Clean cherry-pick
Jammy: fixed via stable
Focal: fixed via stable
Bionic: not affected
Xenial: not affected
Trusty: not affected
[Test case]
Compile and boot tested
[Where problem could occur]
This fix affects those who use sch_multiq driver, an issue with this fix
would be visible to the user via unpredicted system behavior or a system
crash.
Hangyu Hua (1):
net: sched: sch_multiq: fix possible OOB write in multiq_tune()
net/sched/sch_multiq.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--
2.43.0
More information about the kernel-team
mailing list