7.8 CVE-2024-53057
Patch
In the Linux kernel, the following vulnerability has been resolved:
net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT
In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed
to be either root or ingress. This assumption is bogus since it's valid
to create egress qdiscs with major handle ffff:
Budimir Markovic found that for qdiscs like DRR that maintain an active
class list, it will cause a UAF with a dangling class pointer.
In 066a3b5b2346, the concern was to avoid iterating over the ingress
qdisc since its parent is itself. The proper fix is to stop when parent
TC_H_ROOT is reached because the only way to retrieve ingress is when a
hierarchy which does not contain a ffff: major handle call into
qdisc_lookup with TC_H_MAJ(TC_H_ROOT).
In the scenario where major ffff: is an egress qdisc in any of the tree
levels, the updates will also propagate to TC_H_ROOT, which then the
iteration must stop.
net/sched/sch_api.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
https://nvd.nist.gov/vuln/detail/CVE-2024-53057
Categories
CWE-416
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67 Patch
CPE
cpe | start | end |
---|---|---|
Configuration 1 | ||
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | >= 2.6.25 | < 4.19.323 |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | >= 4.20 | < 5.4.285 |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | >= 5.5 | < 5.10.229 |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | >= 5.11 | < 5.15.171 |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | >= 5.16 | < 6.1.116 |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | >= 6.2 | < 6.6.60 |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | >= 6.7 | < 6.11.7 |
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:* |
REMEDIATION
Patch
EXPLOITS
Exploit-db.com
id | description | date | |
---|---|---|---|
No known exploits |
POC Github
Url |
---|
Other Nist (github, ...)
Url |
---|
No known exploits |
CAPEC
Common Attack Pattern Enumerations and Classifications
id | description | severity |
---|---|---|
No entry |
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.