CVE-2024-36978: Out-of-bounds Write in Linux

CWE-787: Out-of-bounds Write | 46 documents | 8 sources
Severity
7.8 HIGH (NVD) | OSV 5.5 | OSV 5.3
EPSS
0.0% (top 91.65%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 19
Latest update: Aug 14

Description

In the Linux kernel, the following vulnerability has been resolved:

net: sched: sch_multiq: fix possible OOB write in multiq_tune()

q->bands will be assigned to qopt->bands to execute subsequent code logic after kmalloc. So the old q->bands should not be used in kmalloc. Otherwise, an out-of-bounds write will occur.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (7 packages)

NVD | linux/linux_kernel | 5.4 | 5.4.279 | +6
Debian | linux/linux_kernel | < 5.10.221-1 | +3
Ubuntu | linux/linux_kernel | < 5.4.0-195.215 | +2
CVEListV5 | linux/linux | c2999f7fb05b87da4060e38150c70fa46794d82b | d5d9d241786f49ae7cbc08e7fc95a115e9d80f3d | +7
debian | debian/linux | < linux 6.1.99-1 (bookworm)

Patches

Vulnerability Details (22)

OSV | CVE-2024-36978: In multiq_tune of sch_multiq | 2024-11-01
OSV | linux-raspi-5.4 vulnerabilities | 2024-10-01
OSV | linux-raspi vulnerabilities | 2024-09-26
OSV | linux-azure-fde-5.15 vulnerabilities | 2024-09-25
OSV | linux-lowlatency, linux-lowlatency-hwe-5.15 vulnerabilities | 2024-09-23

Vendor Advisories (23)

CISA ICS | Siemens Third-Party Components in SINEC OS | 2025-08-14
Android | CVE-2024-36978: Net | 2024-11-01
Ubuntu | Linux kernel vulnerabilities | 2024-10-01
Ubuntu | Linux kernel vulnerabilities | 2024-09-26
Ubuntu | Linux kernel vulnerabilities | 2024-09-25