CVE-2024-53164: Add .vulnerable file

The investigation confirms that the bug fixed in commit 5eb7de8cd58e
was specific to CAKE and CHOKe schedulers. The root causes were:

1. For sch_choke.c: Bug introduced in commit 2ccccf5fb43ff (2016-02-25)
   when WANG Cong replaced qdisc_tree_decrease_qlen() with
   qdisc_tree_reduce_backlog() but kept the incorrect ordering (calling
   it before decrementing qlen).

2. For sch_cake.c: Bug present from initial implementation in commit
   046f6fd5daefa (2018-07-06).

3. The bug became problematic after commit 959466588aa7f (2017-08-15)
   added the empty qdisc check in qdisc_tree_reduce_backlog(), making
   the notification logic dependent on qlen being 0.

The other major qdisc implementations (HTB, QFQ, HFSC, FQ) don't use
qdisc_tree_reduce_backlog() in their qlen_notify callbacks, so they were
never affected by this ordering issue.

Signed-off-by: Sasha Levin <sashal@kernel.org>
1 file changed
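
The ordering problem described in the commit message above, as a simplified user-space model added here as an example; it is not kernel code and not part of the commit. All `toy_*` names are hypothetical, and the model assumes only what the message states: the parent is notified only if the child's qlen is already 0 when the backlog reduction is reported.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model, not kernel code: every name below is hypothetical. */
struct toy_parent { bool child_active; };  /* parent's view of the child */
struct toy_child  { unsigned int qlen; struct toy_parent *parent; };

/* Models the empty-qdisc check from point 3: the parent is told to
 * deactivate the child only if the child's qlen is already 0. */
static void toy_reduce_backlog(struct toy_child *c, unsigned int n)
{
    if (n == 0)
        return;
    if (c->qlen == 0)
        c->parent->child_active = false;   /* stands in for qlen_notify */
}

/* Ordering the message calls incorrect: report first, decrement after. */
static void toy_drop_notify_first(struct toy_child *c)
{
    toy_reduce_backlog(c, 1);
    c->qlen--;
}

/* Corrected ordering: decrement qlen, then report the reduction. */
static void toy_drop_decrement_first(struct toy_child *c)
{
    c->qlen--;
    toy_reduce_backlog(c, 1);
}

/* Drop the only packet of a child and return true if the parent still
 * believes the (now empty) child is active, i.e. its state is stale. */
static bool toy_stale_after_last_drop(void (*drop)(struct toy_child *))
{
    struct toy_parent p = { .child_active = true };
    struct toy_child c = { .qlen = 1, .parent = &p };  /* constructed input */
    drop(&c);
    return c.qlen == 0 && p.child_active;
}

int main(void)
{
    printf("notify-first stale: %d\n",
           toy_stale_after_last_drop(toy_drop_notify_first));
    printf("decrement-first stale: %d\n",
           toy_stale_after_last_drop(toy_drop_decrement_first));
    return 0;
}
```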