Description

In the Linux kernel, the following vulnerability has been resolved: net: sched: sch_multiq: fix possible OOB write in multiq_tune() q->bands will be assigned to qopt->bands to execute subsequent code logic after kmalloc. So the old q->bands should not be used in kmalloc. Otherwise, an out-of-bounds write will occur.

INFO

Published Date :

2024-06-19T06:20:23.103Z

Last Modified :

2025-11-03T21:55:30.685Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-36978 vulnerability.

Vendors Products
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
  • Rhel Eus
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-36978.

URL Resource
https://git.kernel.org/stable/c/0f208fad86631e005754606c3ec80c0d44a11882 cve-icon cve-icon
https://git.kernel.org/stable/c/52b1aa07cda6a199cd6754d3798c7759023bc70f cve-icon cve-icon
https://git.kernel.org/stable/c/54c2c171c11a798fe887b3ff72922aa9d1411c1e cve-icon cve-icon
https://git.kernel.org/stable/c/598572c64287aee0b75bbba4e2881496878860f3 cve-icon cve-icon
https://git.kernel.org/stable/c/affc18fdc694190ca7575b9a86632a73b9fe043d cve-icon cve-icon
https://git.kernel.org/stable/c/d5d9d241786f49ae7cbc08e7fc95a115e9d80f3d cve-icon cve-icon
https://git.kernel.org/stable/c/d6fb5110e8722bc00748f22caeb650fe4672f129 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html cve-icon
https://lore.kernel.org/linux-cve-announce/2024061926-CVE-2024-36978-b4b8@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-36978 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-36978 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact