| { |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" |
| }, |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: taprio: extend minimum interval restriction to entire cycle too\n\nIt is possible for syzbot to side-step the restriction imposed by the\nblamed commit in the Fixes: tag, because the taprio UAPI permits a\ncycle-time different from (and potentially shorter than) the sum of\nentry intervals.\n\nWe need one more restriction, which is that the cycle time itself must\nbe larger than N * ETH_ZLEN bit times, where N is the number of schedule\nentries. This restriction needs to apply regardless of whether the cycle\ntime came from the user or was the implicit, auto-calculated value, so\nwe move the existing \"cycle == 0\" check outside the \"if \"(!new->cycle_time)\"\nbranch. This way covers both conditions and scenarios.\n\nAdd a selftest which illustrates the issue triggered by syzbot." |
| } |
| ], |
| "affected": [ |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "net/sched/sch_taprio.c", |
| "tools/testing/selftests/tc-testing/tc-tests/qdiscs/taprio.json" |
| ], |
| "versions": [ |
| { |
| "version": "b5b73b26b3ca34574124ed7ae9c5ba8391a7f176", |
| "lessThan": "34d83c3e6e97867ae061d14eb52123404aab1cbc", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "b5b73b26b3ca34574124ed7ae9c5ba8391a7f176", |
| "lessThan": "b939d1e04a90248b4cdf417b0969c270ceb992b2", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "b5b73b26b3ca34574124ed7ae9c5ba8391a7f176", |
| "lessThan": "91f249b01fe490fce11fbb4307952ca8cce78724", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "b5b73b26b3ca34574124ed7ae9c5ba8391a7f176", |
| "lessThan": "fb66df20a7201e60f2b13d7f95d031b31a8831d3", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "83bd58952b2b8543d8c48d1453975ab47a0a7504", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "817ff50796c5e364c879596509f83fcba194bb6f", |
| "status": "affected", |
| "versionType": "git" |
| } |
| ] |
| }, |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "affected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "net/sched/sch_taprio.c", |
| "tools/testing/selftests/tc-testing/tc-tests/qdiscs/taprio.json" |
| ], |
| "versions": [ |
| { |
| "version": "5.9", |
| "status": "affected" |
| }, |
| { |
| "version": "0", |
| "lessThan": "5.9", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.1.119", |
| "lessThanOrEqual": "6.1.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.6.33", |
| "lessThanOrEqual": "6.6.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.9.4", |
| "lessThanOrEqual": "6.9.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.10", |
| "lessThanOrEqual": "*", |
| "status": "unaffected", |
| "versionType": "original_commit_for_fix" |
| } |
| ] |
| } |
| ], |
| "cpeApplicability": [ |
| { |
| "nodes": [ |
| { |
| "operator": "OR", |
| "negate": false, |
| "cpeMatch": [ |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.9", |
| "versionEndExcluding": "6.1.119" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.9", |
| "versionEndExcluding": "6.6.33" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.9", |
| "versionEndExcluding": "6.9.4" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.9", |
| "versionEndExcluding": "6.10" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.4.68" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.8.12" |
| } |
| ] |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://git.kernel.org/stable/c/34d83c3e6e97867ae061d14eb52123404aab1cbc" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/b939d1e04a90248b4cdf417b0969c270ceb992b2" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/91f249b01fe490fce11fbb4307952ca8cce78724" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/fb66df20a7201e60f2b13d7f95d031b31a8831d3" |
| } |
| ], |
| "title": "net/sched: taprio: extend minimum interval restriction to entire cycle too", |
| "x_generator": { |
| "engine": "bippy-1.2.0" |
| } |
| } |
| }, |
| "cveMetadata": { |
| "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", |
| "cveID": "CVE-2024-36244", |
| "requesterUserId": "gregkh@kernel.org", |
| "serial": "1", |
| "state": "PUBLISHED" |
| }, |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0" |
| } |
