CVE-2024-36244

net/sched: taprio: extend minimum interval restriction to entire cycle too

Description

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: extend minimum interval restriction to entire cycle too It is possible for syzbot to side-step the restriction imposed by the blamed commit in the Fixes: tag, because the taprio UAPI permits a cycle-time different from (and potentially shorter than) the sum of entry intervals. We need one more restriction, which is that the cycle time itself must be larger than N * ETH_ZLEN bit times, where N is the number of schedule entries. This restriction needs to apply regardless of whether the cycle time came from the user or was the implicit, auto-calculated value, so we move the existing "cycle == 0" check outside the "if "(!new->cycle_time)" branch. This way covers both conditions and scenarios. Add a selftest which illustrates the issue triggered by syzbot.

N/A
CVSS
Severity:
EPSS 0.16%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/34d83c3e6e97867ae061d14eb52123404aab1cbc
https://git.kernel.org/stable/c/b939d1e04a90248b4cdf417b0969c270ceb992b2
https://git.kernel.org/stable/c/91f249b01fe490fce11fbb4307952ca8cce78724
https://git.kernel.org/stable/c/fb66df20a7201e60f2b13d7f95d031b31a8831d3

Frequently Asked Questions

What is the severity of CVE-2024-36244?
CVE-2024-36244 has not yet been assigned a CVSS score.
How to fix CVE-2024-36244?
To fix CVE-2024-36244, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-36244 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-36244 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-36244?
CVE-2024-36244 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.