CVE-2024-36974

Source
https://cve.org/CVERecord?id=CVE-2024-36974
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36974.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-36974
Downstream
Related
Published
2024-06-18T19:15:07.892Z
Modified
2026-07-11T03:55:45.449736072Z
Summary
net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP
Details

In the Linux kernel, the following vulnerability has been resolved:

net/sched: taprio: always validate TCATAPRIOATTR_PRIOMAP

If one TCATAPRIOATTRPRIOMAP attribute has been provided, taprioparsemqprioopt() must validate it, or userspace can inject arbitrary data to the kernel, the second time taprio_change() is called.

First call (with valid attributes) sets dev->num_tc to a non zero value.

Second call (with arbitrary mqprio attributes) returns early from taprioparsemqprio_opt() and bad things can happen.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36974.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a3d43c0d56f1b94e74963a2fbadfb70126d92213
Fixed
c6041e7124464ce7e896ee3f912897ce88a0c4ec
Fixed
6db4af09987cc5d5f0136bd46148b0e0460dae5b
Fixed
d3dde4c217f0c31ab0621912e682b57e677dd923
Fixed
0bf6cc96612bd396048f57d63f1ad454a846e39c
Fixed
724050ae4b76e4fae05a923cb54101d792cf4404
Fixed
c37a27a35eadb59286c9092c49c241270c802ae2
Fixed
f921a58ae20852d188f70842431ce6519c4fdc36

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36974.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.2.0
Fixed
5.4.279
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.221
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.162
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.95
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.35
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.9.6

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36974.json"