{ "threat_severity" : "Moderate", "public_date" : "2024-06-19T00:00:00Z", "bugzilla" : { "description" : "kernel: net: sched: sch_multiq: fix possible OOB write in multiq_tune()", "id" : "2293078", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2293078" }, "cvss3" : { "cvss3_base_score" : "7.0", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-787", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nnet: sched: sch_multiq: fix possible OOB write in multiq_tune()\nq->bands will be assigned to qopt->bands to execute subsequent code logic\nafter kmalloc. So the old q->bands should not be used in kmalloc.\nOtherwise, an out-of-bounds write will occur.", "An out-of-bounds write flaw was found in the Linux kernel's multiq qdisc functionality. This vulnerability allows a local user to crash or potentially escalate their privileges on the system." ], "statement" : "This issue is for a specific configuration when the multiq of qdisc is being used. It is not easy to trigger unless the user is privileged because, apart from enabling this specific configuration, some complex conditions have to happen.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2024-08-08T00:00:00Z", "advisory" : "RHSA-2024:5102", "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv", "package" : "kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2024-08-08T00:00:00Z", "advisory" : "RHSA-2024:5101", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-553.16.1.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date" : "2024-09-24T00:00:00Z", "advisory" : "RHSA-2024:6993", "cpe" : "cpe:/o:redhat:rhel_eus:8.8", "package" : "kernel-0:4.18.0-477.74.1.el8_8" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-10-16T00:00:00Z", "advisory" : "RHSA-2024:8162", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-427.40.1.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-10-16T00:00:00Z", "advisory" : "RHSA-2024:8162", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-427.40.1.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date" : "2024-07-24T00:00:00Z", "advisory" : "RHSA-2024:4823", "cpe" : "cpe:/a:redhat:rhel_eus:9.2", "package" : "kernel-0:5.14.0-284.75.1.el9_2" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date" : "2024-07-24T00:00:00Z", "advisory" : "RHSA-2024:4831", "cpe" : "cpe:/a:redhat:rhel_eus:9.2::nfv", "package" : "kernel-rt-0:5.14.0-284.75.1.rt14.360.el9_2" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-36978\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-36978\nhttps://lore.kernel.org/linux-cve-announce/2024061926-CVE-2024-36978-b4b8@gregkh/T" ], "name" : "CVE-2024-36978", "mitigation" : { "value" : "To mitigate this issue, prevent module sch_multiq from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.", "lang" : "en:us" }, "csaw" : false }