Vulnerability-Lookup

SUSE-SU-2025:0414-1

Vulnerability from csaf_suse - Published: 2025-02-11 03:33 - Updated: 2025-02-11 03:33

Summary

Security update for the Linux Kernel (Live Patch 62 for SLE 12 SP5)

Notes

Title of the patch

Security update for the Linux Kernel (Live Patch 62 for SLE 12 SP5)

Description of the patch

This update for the Linux Kernel 4.12.14-122_234 fixes one issue. The following security issue was fixed: - CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230998).

Patchnames

SUSE-2025-414,SUSE-SLE-Live-Patching-12-SP5-2025-414

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel (Live Patch 62 for SLE 12 SP5)",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 4.12.14-122_234 fixes one issue.\n\nThe following security issue was fixed:\n\n- CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230998).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2025-414,SUSE-SLE-Live-Patching-12-SP5-2025-414",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0414-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:0414-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250414-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:0414-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020308.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1230998",
        "url": "https://bugzilla.suse.com/1230998"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-45016 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-45016/"
      }
    ],
    "title": "Security update for the Linux Kernel (Live Patch 62 for SLE 12 SP5)",
    "tracking": {
      "current_release_date": "2025-02-11T03:33:33Z",
      "generator": {
        "date": "2025-02-11T03:33:33Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:0414-1",
      "initial_release_date": "2025-02-11T03:33:33Z",
      "revision_history": [
        {
          "date": "2025-02-11T03:33:33Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-4_12_14-122_234-default-3-2.1.ppc64le",
                "product": {
                  "name": "kgraft-patch-4_12_14-122_234-default-3-2.1.ppc64le",
                  "product_id": "kgraft-patch-4_12_14-122_234-default-3-2.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-4_12_14-122_234-default-3-2.1.s390x",
                "product": {
                  "name": "kgraft-patch-4_12_14-122_234-default-3-2.1.s390x",
                  "product_id": "kgraft-patch-4_12_14-122_234-default-3-2.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-4_12_14-122_234-default-3-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-4_12_14-122_234-default-3-2.1.x86_64",
                  "product_id": "kgraft-patch-4_12_14-122_234-default-3-2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 12 SP5",
                  "product_id": "SUSE Linux Enterprise Live Patching 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-live-patching:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_12_14-122_234-default-3-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_234-default-3-2.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_12_14-122_234-default-3-2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_12_14-122_234-default-3-2.1.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_234-default-3-2.1.s390x"
        },
        "product_reference": "kgraft-patch-4_12_14-122_234-default-3-2.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_12_14-122_234-default-3-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_234-default-3-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_12_14-122_234-default-3-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-45016",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-45016"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: fix return value if duplicate enqueue fails\n\nThere is a bug in netem_enqueue() introduced by\ncommit 5845f706388a (\"net: netem: fix skb length BUG_ON in __skb_to_sgvec\")\nthat can lead to a use-after-free.\n\nThis commit made netem_enqueue() always return NET_XMIT_SUCCESS\nwhen a packet is duplicated, which can cause the parent qdisc\u0027s q.qlen\nto be mistakenly incremented. When this happens qlen_notify() may be\nskipped on the parent during destruction, leaving a dangling pointer\nfor some classful qdiscs like DRR.\n\nThere are two ways for the bug happen:\n\n- If the duplicated packet is dropped by rootq-\u003eenqueue() and then\n  the original packet is also dropped.\n- If rootq-\u003eenqueue() sends the duplicated packet to a different qdisc\n  and the original packet is dropped.\n\nIn both cases NET_XMIT_SUCCESS is returned even though no packets\nare enqueued at the netem qdisc.\n\nThe fix is to defer the enqueue of the duplicate packet until after\nthe original packet has been guaranteed to return NET_XMIT_SUCCESS.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_234-default-3-2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_234-default-3-2.1.s390x",
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_234-default-3-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-45016",
          "url": "https://www.suse.com/security/cve/CVE-2024-45016"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1230429 for CVE-2024-45016",
          "url": "https://bugzilla.suse.com/1230429"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1230998 for CVE-2024-45016",
          "url": "https://bugzilla.suse.com/1230998"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_234-default-3-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_234-default-3-2.1.s390x",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_234-default-3-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_234-default-3-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_234-default-3-2.1.s390x",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_234-default-3-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-11T03:33:33Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-45016"
    }
  ]
}

CVE-2024-45016 (GCVE-0-2024-45016)

Vulnerability from cvelistv5 – Published: 2024-09-11 15:13 – Updated: 2025-11-03 22:15

Title

netem: fix return value if duplicate enqueue fails

Summary

In the Linux kernel, the following vulnerability has been resolved: netem: fix return value if duplicate enqueue fails There is a bug in netem_enqueue() introduced by commit 5845f706388a ("net: netem: fix skb length BUG_ON in __skb_to_sgvec") that can lead to a use-after-free. This commit made netem_enqueue() always return NET_XMIT_SUCCESS when a packet is duplicated, which can cause the parent qdisc's q.qlen to be mistakenly incremented. When this happens qlen_notify() may be skipped on the parent during destruction, leaving a dangling pointer for some classful qdiscs like DRR. There are two ways for the bug happen: - If the duplicated packet is dropped by rootq->enqueue() and then the original packet is also dropped. - If rootq->enqueue() sends the duplicated packet to a different qdisc and the original packet is dropped. In both cases NET_XMIT_SUCCESS is returned even though no packets are enqueued at the netem qdisc. The fix is to defer the enqueue of the duplicate packet until after the original packet has been guaranteed to return NET_XMIT_SUCCESS.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/759e3e8c4a6a6b4e5…
	https://git.kernel.org/stable/c/c414000da1c2ea1ba…
	https://git.kernel.org/stable/c/52d99a69f3d556c64…
	https://git.kernel.org/stable/c/0486d31dd8198e22b…
	https://git.kernel.org/stable/c/577d6c0619467fe90…
	https://git.kernel.org/stable/c/e5bb2988a310667ab…
	https://git.kernel.org/stable/c/c07ff8592d57ed258…

Impacted products

Vendor

Product

Version

Linux

Affected: 5845f706388a4cde0f6b80f9e5d33527e942b7d9 , < 759e3e8c4a6a6b4e52ebc4547123a457f0ce90d4 (git)
Affected: 5845f706388a4cde0f6b80f9e5d33527e942b7d9 , < c414000da1c2ea1ba9a5e5bb1a4ba774e51e202d (git)
Affected: 5845f706388a4cde0f6b80f9e5d33527e942b7d9 , < 52d99a69f3d556c6426048c9d481b912205919d8 (git)
Affected: 5845f706388a4cde0f6b80f9e5d33527e942b7d9 , < 0486d31dd8198e22b63a4730244b38fffce6d469 (git)
Affected: 5845f706388a4cde0f6b80f9e5d33527e942b7d9 , < 577d6c0619467fe90f7e8e57e45cb5bd9d936014 (git)
Affected: 5845f706388a4cde0f6b80f9e5d33527e942b7d9 , < e5bb2988a310667abed66c7d3ffa28880cf0f883 (git)
Affected: 5845f706388a4cde0f6b80f9e5d33527e942b7d9 , < c07ff8592d57ed258afee5a5e04991a48dbaf382 (git)
Affected: a550a01b8af856f2684b0f79d552f5119eb5006c (git)
Affected: 009510a90e230bb495f3fe25c7db956679263b07 (git)
Affected: 4de7d30668cb8b06330992e1cd336f91700a2ce7 (git)
Affected: d1dd2e15c85e890a1cc9bde5ba07ae63331e5c73 (git)
Affected: 0148fe458b5705e2fea7cb88294fed7e36066ca2 (git)

Linux

Affected: 5.0
Unaffected: 0 , < 5.0 (semver)
Unaffected: 5.4.283 , ≤ 5.4.* (semver)
Unaffected: 5.10.225 , ≤ 5.10.* (semver)
Unaffected: 5.15.166 , ≤ 5.15.* (semver)
Unaffected: 6.1.107 , ≤ 6.1.* (semver)
Unaffected: 6.6.48 , ≤ 6.6.* (semver)
Unaffected: 6.10.7 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45016",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T15:49:19.675501Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T15:49:33.932Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:15:21.244Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_netem.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "759e3e8c4a6a6b4e52ebc4547123a457f0ce90d4",
              "status": "affected",
              "version": "5845f706388a4cde0f6b80f9e5d33527e942b7d9",
              "versionType": "git"
            },
            {
              "lessThan": "c414000da1c2ea1ba9a5e5bb1a4ba774e51e202d",
              "status": "affected",
              "version": "5845f706388a4cde0f6b80f9e5d33527e942b7d9",
              "versionType": "git"
            },
            {
              "lessThan": "52d99a69f3d556c6426048c9d481b912205919d8",
              "status": "affected",
              "version": "5845f706388a4cde0f6b80f9e5d33527e942b7d9",
              "versionType": "git"
            },
            {
              "lessThan": "0486d31dd8198e22b63a4730244b38fffce6d469",
              "status": "affected",
              "version": "5845f706388a4cde0f6b80f9e5d33527e942b7d9",
              "versionType": "git"
            },
            {
              "lessThan": "577d6c0619467fe90f7e8e57e45cb5bd9d936014",
              "status": "affected",
              "version": "5845f706388a4cde0f6b80f9e5d33527e942b7d9",
              "versionType": "git"
            },
            {
              "lessThan": "e5bb2988a310667abed66c7d3ffa28880cf0f883",
              "status": "affected",
              "version": "5845f706388a4cde0f6b80f9e5d33527e942b7d9",
              "versionType": "git"
            },
            {
              "lessThan": "c07ff8592d57ed258afee5a5e04991a48dbaf382",
              "status": "affected",
              "version": "5845f706388a4cde0f6b80f9e5d33527e942b7d9",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "a550a01b8af856f2684b0f79d552f5119eb5006c",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "009510a90e230bb495f3fe25c7db956679263b07",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "4de7d30668cb8b06330992e1cd336f91700a2ce7",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "d1dd2e15c85e890a1cc9bde5ba07ae63331e5c73",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "0148fe458b5705e2fea7cb88294fed7e36066ca2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_netem.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "lessThan": "5.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.283",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.283",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.225",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.166",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.107",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.48",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.7",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.16.66",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.9.163",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.14.106",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.19.28",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.20.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: fix return value if duplicate enqueue fails\n\nThere is a bug in netem_enqueue() introduced by\ncommit 5845f706388a (\"net: netem: fix skb length BUG_ON in __skb_to_sgvec\")\nthat can lead to a use-after-free.\n\nThis commit made netem_enqueue() always return NET_XMIT_SUCCESS\nwhen a packet is duplicated, which can cause the parent qdisc\u0027s q.qlen\nto be mistakenly incremented. When this happens qlen_notify() may be\nskipped on the parent during destruction, leaving a dangling pointer\nfor some classful qdiscs like DRR.\n\nThere are two ways for the bug happen:\n\n- If the duplicated packet is dropped by rootq-\u003eenqueue() and then\n  the original packet is also dropped.\n- If rootq-\u003eenqueue() sends the duplicated packet to a different qdisc\n  and the original packet is dropped.\n\nIn both cases NET_XMIT_SUCCESS is returned even though no packets\nare enqueued at the netem qdisc.\n\nThe fix is to defer the enqueue of the duplicate packet until after\nthe original packet has been guaranteed to return NET_XMIT_SUCCESS."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:58:33.332Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/759e3e8c4a6a6b4e52ebc4547123a457f0ce90d4"
        },
        {
          "url": "https://git.kernel.org/stable/c/c414000da1c2ea1ba9a5e5bb1a4ba774e51e202d"
        },
        {
          "url": "https://git.kernel.org/stable/c/52d99a69f3d556c6426048c9d481b912205919d8"
        },
        {
          "url": "https://git.kernel.org/stable/c/0486d31dd8198e22b63a4730244b38fffce6d469"
        },
        {
          "url": "https://git.kernel.org/stable/c/577d6c0619467fe90f7e8e57e45cb5bd9d936014"
        },
        {
          "url": "https://git.kernel.org/stable/c/e5bb2988a310667abed66c7d3ffa28880cf0f883"
        },
        {
          "url": "https://git.kernel.org/stable/c/c07ff8592d57ed258afee5a5e04991a48dbaf382"
        }
      ],
      "title": "netem: fix return value if duplicate enqueue fails",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-45016",
    "datePublished": "2024-09-11T15:13:52.053Z",
    "dateReserved": "2024-08-21T05:34:56.682Z",
    "dateUpdated": "2025-11-03T22:15:21.244Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

SUSE-SU-2025:0414-1

CVE-2024-45016 (GCVE-0-2024-45016)

Tags

Sightings

Nomenclature