CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune()
In the Linux kernel, the following vulnerability has been resolved:
net: sched: sch_multiq: fix possible OOB write in multiq_tune()
q->bands will be assigned to qopt->bands to execute subsequent code logic after kmalloc. So the old q->bands should not be used in kmalloc. Otherwise, an out-of-bounds write will occur.
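Added example (not kernel source and not part of the advisory): a userspace C model of the sizing mistake described above, with the pre-patch and post-patch sizing side by side. It assumes the tune routine collects every attached child from the new band count up to max_bands into a scratch array; the struct, `tune()`, `demo()` and the 8-slot limit are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

#define MAX_BANDS 8                  /* constructed limit for this model */

/* Userspace model only. bands/max_bands follow the advisory text; the
 * struct layout and the attached[] flags are assumptions. */
struct model_q {
    unsigned int bands;              /* active bands before the change (old q->bands) */
    unsigned int max_bands;          /* number of child slots */
    int attached[MAX_BANDS];         /* 1 = slot holds a child that must be collected */
};

/* Apply a band change. use_fix=0 sizes the scratch array from the old
 * q->bands (pre-patch); use_fix=1 sizes it from the requested count
 * (post-patch). Returns how many stores would fall outside the array, or
 * -1 on invalid input or allocation failure. Out-of-range stores are
 * counted, never performed. */
static int tune(struct model_q *q, unsigned int new_bands, int use_fix)
{
    if (q->max_bands > MAX_BANDS || q->bands > q->max_bands ||
        new_bands > q->max_bands)
        return -1;
    size_t slots = q->max_bands - (use_fix ? new_bands : q->bands);
    unsigned int *removed = calloc(slots ? slots : 1, sizeof(*removed));
    if (!removed)
        return -1;
    q->bands = new_bands;            /* the assignment happens after the sizing */
    size_t n = 0;
    int oob = 0;
    for (unsigned int i = q->bands; i < q->max_bands; i++) {
        if (!q->attached[i])
            continue;
        if (n < slots)
            removed[n] = i;          /* in-bounds store */
        else
            oob++;                   /* pre-patch code would write past the array here */
        n++;
    }
    free(removed);
    return oob;
}

/* Constructed scenario: every slot has a child attached. */
static int demo(unsigned int old_bands, unsigned int new_bands, int use_fix)
{
    struct model_q q = { old_bands, MAX_BANDS, {1, 1, 1, 1, 1, 1, 1, 1} };
    return tune(&q, new_bands, use_fix);
}

int main(void)
{
    printf("6 -> 2 bands, old sizing: %d stray stores\n", demo(6, 2, 0));
    printf("6 -> 2 bands, new sizing: %d stray stores\n", demo(6, 2, 1));
    return 0;
}
```

The mismatch only appears when the band count shrinks; growing it leaves the old sizing larger than needed, which is why the bug can go unnoticed in testing.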
Other sources
In the Linux kernel, the following vulnerability has been resolved:
net: sched: sch_multiq: fix possible OOB write in multiq_tune()
The Linux kernel CVE team has assigned CVE-2024-36978 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024061926-CVE-2024-36978-b4b8@gregkh/T
— Red Hat
Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds write in multiq_tune(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
— IBM
Frequently Asked Questions
What is the severity of CVE-2024-36978?
CVE-2024-36978 has been assigned a severity level that indicates it can potentially lead to an out-of-bounds write in the Linux kernel.
How do I fix CVE-2024-36978?
To fix CVE-2024-36978, update the Linux kernel to a version that includes the patch addressing this vulnerability.
Which versions of the Linux kernel are affected by CVE-2024-36978?
CVE-2024-36978 affects multiple versions of the Linux kernel, particularly those prior to version 6.10.
Is CVE-2024-36978 present in Google Android?
Yes, CVE-2024-36978 may affect certain versions of Google Android that rely on vulnerable Linux kernel versions.
What is the nature of CVE-2024-36978?
CVE-2024-36978 is a vulnerability in the network scheduler of the Linux kernel that can lead to a potential out-of-bounds write.