CVE-2024-36974

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-36974
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36974.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-36974
Downstream
Related
Published
2024-06-18T20:15:13Z
Modified
2025-08-09T20:01:27Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

net/sched: taprio: always validate TCATAPRIOATTR_PRIOMAP

If one TCATAPRIOATTRPRIOMAP attribute has been provided, taprioparsemqprioopt() must validate it, or userspace can inject arbitrary data to the kernel, the second time taprio_change() is called.

First call (with valid attributes) sets dev->num_tc to a non zero value.

Second call (with arbitrary mqprio attributes) returns early from taprioparsemqprio_opt() and bad things can happen.

References

Affected packages