CVE-2024-36978

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-36978
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36978.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-36978
Aliases
Downstream
Related
Published
2024-06-19T06:20:23.103Z
Modified
2026-03-14T12:34:17.262859Z
Summary
net: sched: sch_multiq: fix possible OOB write in multiq_tune()
Details

In the Linux kernel, the following vulnerability has been resolved:

net: sched: schmultiq: fix possible OOB write in multiqtune()

q->bands will be assigned to qopt->bands to execute subsequent code logic after kmalloc. So the old q->bands should not be used in kmalloc. Otherwise, an out-of-bounds write will occur.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36978.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c2999f7fb05b87da4060e38150c70fa46794d82b
Fixed
d5d9d241786f49ae7cbc08e7fc95a115e9d80f3d
Fixed
52b1aa07cda6a199cd6754d3798c7759023bc70f
Fixed
598572c64287aee0b75bbba4e2881496878860f3
Fixed
0f208fad86631e005754606c3ec80c0d44a11882
Fixed
54c2c171c11a798fe887b3ff72922aa9d1411c1e
Fixed
d6fb5110e8722bc00748f22caeb650fe4672f129
Fixed
affc18fdc694190ca7575b9a86632a73b9fe043d

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36978.json"