cve-2024-36244
Vulnerability from cvelistv5
Published
2024-06-21 10:18
Modified
2024-12-19 09:01
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: extend minimum interval restriction to entire cycle too It is possible for syzbot to side-step the restriction imposed by the blamed commit in the Fixes: tag, because the taprio UAPI permits a cycle-time different from (and potentially shorter than) the sum of entry intervals. We need one more restriction, which is that the cycle time itself must be larger than N * ETH_ZLEN bit times, where N is the number of schedule entries. This restriction needs to apply regardless of whether the cycle time came from the user or was the implicit, auto-calculated value, so we move the existing "cycle == 0" check outside the "if "(!new->cycle_time)" branch. This way covers both conditions and scenarios. Add a selftest which illustrates the issue triggered by syzbot.
Impacted products
Vendor Product Version
Linux Linux Version: 5.9
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:37:03.670Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b939d1e04a90248b4cdf417b0969c270ceb992b2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/91f249b01fe490fce11fbb4307952ca8cce78724"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fb66df20a7201e60f2b13d7f95d031b31a8831d3"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36244",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:09:44.304375Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:46.251Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_taprio.c",
            "tools/testing/selftests/tc-testing/tc-tests/qdiscs/taprio.json"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "34d83c3e6e97867ae061d14eb52123404aab1cbc",
              "status": "affected",
              "version": "b5b73b26b3ca34574124ed7ae9c5ba8391a7f176",
              "versionType": "git"
            },
            {
              "lessThan": "b939d1e04a90248b4cdf417b0969c270ceb992b2",
              "status": "affected",
              "version": "b5b73b26b3ca34574124ed7ae9c5ba8391a7f176",
              "versionType": "git"
            },
            {
              "lessThan": "91f249b01fe490fce11fbb4307952ca8cce78724",
              "status": "affected",
              "version": "b5b73b26b3ca34574124ed7ae9c5ba8391a7f176",
              "versionType": "git"
            },
            {
              "lessThan": "fb66df20a7201e60f2b13d7f95d031b31a8831d3",
              "status": "affected",
              "version": "b5b73b26b3ca34574124ed7ae9c5ba8391a7f176",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_taprio.c",
            "tools/testing/selftests/tc-testing/tc-tests/qdiscs/taprio.json"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.9"
            },
            {
              "lessThan": "5.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.119",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: taprio: extend minimum interval restriction to entire cycle too\n\nIt is possible for syzbot to side-step the restriction imposed by the\nblamed commit in the Fixes: tag, because the taprio UAPI permits a\ncycle-time different from (and potentially shorter than) the sum of\nentry intervals.\n\nWe need one more restriction, which is that the cycle time itself must\nbe larger than N * ETH_ZLEN bit times, where N is the number of schedule\nentries. This restriction needs to apply regardless of whether the cycle\ntime came from the user or was the implicit, auto-calculated value, so\nwe move the existing \"cycle == 0\" check outside the \"if \"(!new-\u003ecycle_time)\"\nbranch. This way covers both conditions and scenarios.\n\nAdd a selftest which illustrates the issue triggered by syzbot."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:01:02.595Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/34d83c3e6e97867ae061d14eb52123404aab1cbc"
        },
        {
          "url": "https://git.kernel.org/stable/c/b939d1e04a90248b4cdf417b0969c270ceb992b2"
        },
        {
          "url": "https://git.kernel.org/stable/c/91f249b01fe490fce11fbb4307952ca8cce78724"
        },
        {
          "url": "https://git.kernel.org/stable/c/fb66df20a7201e60f2b13d7f95d031b31a8831d3"
        }
      ],
      "title": "net/sched: taprio: extend minimum interval restriction to entire cycle too",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36244",
    "datePublished": "2024-06-21T10:18:06.373Z",
    "dateReserved": "2024-06-21T10:13:16.319Z",
    "dateUpdated": "2024-12-19T09:01:02.595Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-36244\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-06-21T11:15:09.957\",\"lastModified\":\"2024-12-02T08:15:05.643\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet/sched: taprio: extend minimum interval restriction to entire cycle too\\n\\nIt is possible for syzbot to side-step the restriction imposed by the\\nblamed commit in the Fixes: tag, because the taprio UAPI permits a\\ncycle-time different from (and potentially shorter than) the sum of\\nentry intervals.\\n\\nWe need one more restriction, which is that the cycle time itself must\\nbe larger than N * ETH_ZLEN bit times, where N is the number of schedule\\nentries. This restriction needs to apply regardless of whether the cycle\\ntime came from the user or was the implicit, auto-calculated value, so\\nwe move the existing \\\"cycle == 0\\\" check outside the \\\"if \\\"(!new-\u003ecycle_time)\\\"\\nbranch. This way covers both conditions and scenarios.\\n\\nAdd a selftest which illustrates the issue triggered by syzbot.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/sched: taprio: extiende la restricci\u00f3n de intervalo m\u00ednimo a todo el ciclo tambi\u00e9n. Es posible que syzbot eluda la restricci\u00f3n impuesta por el commit culpable en la etiqueta Fixes:, porque el taprio UAPI permite un tiempo de ciclo diferente (y potencialmente m\u00e1s corto) de la suma de los intervalos de entrada. Necesitamos una restricci\u00f3n m\u00e1s, que es que el tiempo del ciclo en s\u00ed debe ser mayor que N * ETH_ZLEN bits, donde N es el n\u00famero de entradas de programaci\u00f3n. Esta restricci\u00f3n debe aplicarse independientemente de si el tiempo del ciclo provino del usuario o fue un valor impl\u00edcito calculado autom\u00e1ticamente, por lo que movemos la verificaci\u00f3n \\\"ciclo == 0\\\" existente fuera de \\\"if \\\"(!new-\u0026gt;cycle_time)\\\". rama. De esta manera cubre tanto las condiciones como los escenarios. Agregue una autoprueba que ilustre el problema desencadenado por syzbot.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/34d83c3e6e97867ae061d14eb52123404aab1cbc\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/91f249b01fe490fce11fbb4307952ca8cce78724\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b939d1e04a90248b4cdf417b0969c270ceb992b2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/fb66df20a7201e60f2b13d7f95d031b31a8831d3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/91f249b01fe490fce11fbb4307952ca8cce78724\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/b939d1e04a90248b4cdf417b0969c270ceb992b2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/fb66df20a7201e60f2b13d7f95d031b31a8831d3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.