CVE-2024-36244
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-36244
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36244.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-36244
- Downstream
- Related
- Published
- 2024-06-21T10:18:06.373Z
- Modified
- 2025-11-28T02:35:08.038779Z
- Summary
- net/sched: taprio: extend minimum interval restriction to entire cycle too
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net/sched: taprio: extend minimum interval restriction to entire cycle too
It is possible for syzbot to side-step the restriction imposed by the blamed commit in the Fixes: tag, because the taprio UAPI permits a cycle-time different from (and potentially shorter than) the sum of entry intervals.
We need one more restriction, which is that the cycle time itself must be larger than N * ETHZLEN bit times, where N is the number of schedule entries. This restriction needs to apply regardless of whether the cycle time came from the user or was the implicit, auto-calculated value, so we move the existing "cycle == 0" check outside the "if "(!new->cycletime)" branch. This way covers both conditions and scenarios.
Add a selftest which illustrates the issue triggered by syzbot.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36244.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/34d83c3e6e97867ae061d14eb52123404aab1cbc
- https://git.kernel.org/stable/c/91f249b01fe490fce11fbb4307952ca8cce78724
- https://git.kernel.org/stable/c/b939d1e04a90248b4cdf417b0969c270ceb992b2
- https://git.kernel.org/stable/c/fb66df20a7201e60f2b13d7f95d031b31a8831d3
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36244.json
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-36244
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedb5b73b26b3ca34574124ed7ae9c5ba8391a7f176Fixed34d83c3e6e97867ae061d14eb52123404aab1cbcFixedb939d1e04a90248b4cdf417b0969c270ceb992b2Fixed91f249b01fe490fce11fbb4307952ca8cce78724Fixedfb66df20a7201e60f2b13d7f95d031b31a8831d3
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected83bd58952b2b8543d8c48d1453975ab47a0a7504Last affected817ff50796c5e364c879596509f83fcba194bb6f