CVE-2024-36244

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 21/06/2024
Last modified: 02/12/2024

Description

In the Linux kernel, the following vulnerability has been resolved:

net/sched: taprio: extend minimum interval restriction to entire cycle too

It is possible for syzbot to side-step the restriction imposed by the blamed commit in the Fixes: tag, because the taprio UAPI permits a cycle-time different from (and potentially shorter than) the sum of entry intervals.

We need one more restriction, which is that the cycle time itself must be larger than N * ETH_ZLEN bit times, where N is the number of schedule entries. This restriction needs to apply regardless of whether the cycle time came from the user or was the implicit, auto-calculated value, so we move the existing "cycle == 0" check outside the "if (!new->cycle_time)" branch. This way covers both conditions and scenarios.

Add a selftest which illustrates the issue triggered by syzbot.
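The check described above, as an added example: a simplified user-space model of the validation, not the kernel's own code. The function names, the `whole_cycle_check` flag, the link speed parameter and the sample intervals are assumptions made for illustration; `ETH_ZLEN` is the kernel's 60-byte minimum frame length.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETH_ZLEN 60 /* minimum Ethernet frame length in bytes (without FCS) */

enum verdict { SCHED_OK, ENTRY_TOO_SHORT, CYCLE_ZERO, CYCLE_TOO_SHORT };

/* Nanoseconds needed to transmit len bytes at speed_mbps (assumed non-zero). */
static uint64_t length_to_duration_ns(uint64_t len, uint64_t speed_mbps)
{
    uint64_t picos_per_byte = 8000000ULL / speed_mbps;
    return len * picos_per_byte / 1000ULL;
}

/*
 * Simplified model of the schedule validation, not the kernel function.
 * cycle_time_ns == 0 means "not supplied": fall back to the sum of intervals.
 * whole_cycle_check == false models the per-entry-only restriction.
 */
static enum verdict validate_schedule(const uint64_t *intervals_ns, size_t n,
                                      uint64_t cycle_time_ns, uint64_t speed_mbps,
                                      bool whole_cycle_check)
{
    uint64_t min_ns = length_to_duration_ns(ETH_ZLEN, speed_mbps);
    uint64_t sum = 0;

    for (size_t i = 0; i < n; i++) {
        if (intervals_ns[i] < min_ns)
            return ENTRY_TOO_SHORT;
        sum += intervals_ns[i];
    }
    uint64_t cycle = cycle_time_ns ? cycle_time_ns : sum;
    /* These checks apply to user-supplied and auto-calculated cycles alike. */
    if (cycle == 0)
        return CYCLE_ZERO;
    if (whole_cycle_check && cycle < n * min_ns)
        return CYCLE_TOO_SHORT;
    return SCHED_OK;
}

int main(void)
{
    const uint64_t entries[3] = { 500, 500, 500 }; /* constructed sample, ns */
    printf("per-entry only: %d\n", validate_schedule(entries, 3, 1000, 1000, false));
    printf("whole cycle:    %d\n", validate_schedule(entries, 3, 1000, 1000, true));
    return 0;
}
```

At 1000 Mbit/s each 500 ns entry clears the 480 ns per-entry minimum, yet the supplied 1000 ns cycle is below the 3 * 480 ns floor, so only the whole-cycle check rejects it.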

Impact