NACK/Cmt: [SRU][M][PATCH 0/1] CVE-2024-36978
Thibault Ferrante
thibault.ferrante at canonical.com
Tue Sep 17 13:29:44 UTC 2024
On 17-09-2024 06:56, Koichiro Den wrote:
> [Impact]
>
> net: sched: sch_multiq: fix possible OOB write in multiq_tune()
>
> q->bands will be assigned to qopt->bands to execute subsequent code logic
> after kmalloc. So the old q->bands should not be used in kmalloc.
> Otherwise, an out-of-bounds write will occur.
>
> [Fix]
>
> Noble: fixed via stable
> Mantic: Clean cherry-pick
Mantic end of support was July 2024, no need to target it.
https://ubuntu.com/about/release-cycle
> Jammy: fixed via stable
> Focal: fixed via stable
> Bionic: not affected
> Xenial: not affected
> Trusty: not affected
>
> [Test case]
>
> Compile and boot tested
>
> [Where problem could occur]
>
> This fix affects those who use sch_multiq driver, an issue with this fix
> would be visible to the user via unpredicted system behavior or a system
> crash.
>
>
> Hangyu Hua (1):
> net: sched: sch_multiq: fix possible OOB write in multiq_tune()
>
> net/sched/sch_multiq.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
--
Thibault
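
The sizing problem described in the quoted [Impact] text, as an added example that is not part of the original thread and is not the kernel source. It is a user-space model: the struct, function names, sample values, and the loop that collects one entry per dropped band are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

#define MAX_BANDS 16 /* constructed stand-in for q->max_bands */

struct multiq_model {          /* hypothetical model, not the kernel struct */
    unsigned int bands, max_bands;
    int queues[MAX_BANDS];     /* 0 = empty band, non-zero = attached child */
};

/* Build a model with `bands` (<= MAX_BANDS) active bands, each with a child. */
static struct multiq_model make_model(unsigned int bands)
{
    struct multiq_model q = { .bands = bands, .max_bands = MAX_BANDS };
    for (unsigned int i = 0; i < bands; i++)
        q.queues[i] = (int)i + 1;
    return q;
}

/*
 * Change the band count to new_bands (<= max_bands). size_from_old selects
 * sizing the buffer from the old q->bands instead of the requested value.
 * Returns the number of stores that would land past the buffer, -1 on ENOMEM.
 */
static int model_tune(struct multiq_model *q, unsigned int new_bands, int size_from_old)
{
    size_t slots = q->max_bands - (size_from_old ? q->bands : new_bands);
    size_t n_removed = 0;
    int oob = 0;
    int *removed = malloc(sizeof(*removed) * (slots ? slots : 1));

    if (!removed)
        return -1;
    q->bands = new_bands;      /* assigned only after the allocation */
    for (unsigned int i = q->bands; i < q->max_bands; i++) {
        if (!q->queues[i])
            continue;
        if (n_removed < slots)
            removed[n_removed] = q->queues[i];
        else
            oob++;             /* counted, not performed: the OOB write */
        n_removed++;
        q->queues[i] = 0;
    }
    free(removed);
    return oob;
}

int main(void)
{
    struct multiq_model a = make_model(12), b = make_model(12);
    printf("sized from old bands: %d stores out of bounds\n", model_tune(&a, 4, 1));
    printf("sized from new bands: %d stores out of bounds\n", model_tune(&b, 4, 0));
    return 0;
}
```

The overflow only appears when the band count shrinks; growing it leaves the old sizing larger than needed, which is why compile-and-boot testing alone would not exercise it.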