CVE-2024-36978
net: sched: sch_multiq: fix possible OOB write in multiq_tune()
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
19 Jun 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In the Linux kernel, the following vulnerability has been resolved:
net: sched: sch_multiq: fix possible OOB write in multiq_tune()
q->bands will be assigned to qopt->bands to execute subsequent code logic
after kmalloc. So the old q->bands should not be used in kmalloc.
Otherwise, an out-of-bounds write will occur.
Affected products
Linux · LinuxWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://cert-portal.siemens.com/productcert/html/ssa-265688.htmlhttps://cert-portal.siemens.com/productcert/html/ssa-355557.htmlhttps://cert-portal.siemens.com/productcert/html/ssa-613116.htmlhttps://git.kernel.org/stable/c/0f208fad86631e005754606c3ec80c0d44a11882https://git.kernel.org/stable/c/52b1aa07cda6a199cd6754d3798c7759023bc70fhttps://git.kernel.org/stable/c/54c2c171c11a798fe887b3ff72922aa9d1411c1ehttps://git.kernel.org/stable/c/598572c64287aee0b75bbba4e2881496878860f3https://git.kernel.org/stable/c/affc18fdc694190ca7575b9a86632a73b9fe043dhttps://git.kernel.org/stable/c/d5d9d241786f49ae7cbc08e7fc95a115e9d80f3dhttps://git.kernel.org/stable/c/d6fb5110e8722bc00748f22caeb650fe4672f129https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html