{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-36978","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-30T15:25:07.082Z","datePublished":"2024-06-19T06:20:23.103Z","dateUpdated":"2025-11-03T21:55:30.685Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T09:13:14.643Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: sch_multiq: fix possible OOB write in multiq_tune()\n\nq->bands will be assigned to qopt->bands to execute subsequent code logic\nafter kmalloc. So the old q->bands should not be used in kmalloc.\nOtherwise, an out-of-bounds write will occur."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/sched/sch_multiq.c"],"versions":[{"version":"c2999f7fb05b87da4060e38150c70fa46794d82b","lessThan":"d5d9d241786f49ae7cbc08e7fc95a115e9d80f3d","status":"affected","versionType":"git"},{"version":"c2999f7fb05b87da4060e38150c70fa46794d82b","lessThan":"52b1aa07cda6a199cd6754d3798c7759023bc70f","status":"affected","versionType":"git"},{"version":"c2999f7fb05b87da4060e38150c70fa46794d82b","lessThan":"598572c64287aee0b75bbba4e2881496878860f3","status":"affected","versionType":"git"},{"version":"c2999f7fb05b87da4060e38150c70fa46794d82b","lessThan":"0f208fad86631e005754606c3ec80c0d44a11882","status":"affected","versionType":"git"},{"version":"c2999f7fb05b87da4060e38150c70fa46794d82b","lessThan":"54c2c171c11a798fe887b3ff72922aa9d1411c1e","status":"affected","versionType":"git"},{"version":"c2999f7fb05b87da4060e38150c70fa46794d82b","lessThan":"d6fb5110e8722bc00748f22caeb650fe4672f129","status":"affected","versionType":"git"},{"version":"c2999f7fb05b87da4060e38150c70fa46794d82b","lessThan":"affc18fdc694190ca7575b9a86632a73b9fe043d","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/sched/sch_multiq.c"],"versions":[{"version":"5.4","status":"affected"},{"version":"0","lessThan":"5.4","status":"unaffected","versionType":"semver"},{"version":"5.4.279","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.221","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.162","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.95","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.35","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.9.6","lessThanOrEqual":"6.9.*","status":"unaffected","versionType":"semver"},{"version":"6.10","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4","versionEndExcluding":"5.4.279"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4","versionEndExcluding":"5.10.221"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4","versionEndExcluding":"5.15.162"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4","versionEndExcluding":"6.1.95"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4","versionEndExcluding":"6.6.35"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4","versionEndExcluding":"6.9.6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4","versionEndExcluding":"6.10"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/d5d9d241786f49ae7cbc08e7fc95a115e9d80f3d"},{"url":"https://git.kernel.org/stable/c/52b1aa07cda6a199cd6754d3798c7759023bc70f"},{"url":"https://git.kernel.org/stable/c/598572c64287aee0b75bbba4e2881496878860f3"},{"url":"https://git.kernel.org/stable/c/0f208fad86631e005754606c3ec80c0d44a11882"},{"url":"https://git.kernel.org/stable/c/54c2c171c11a798fe887b3ff72922aa9d1411c1e"},{"url":"https://git.kernel.org/stable/c/d6fb5110e8722bc00748f22caeb650fe4672f129"},{"url":"https://git.kernel.org/stable/c/affc18fdc694190ca7575b9a86632a73b9fe043d"}],"title":"net: sched: sch_multiq: fix possible OOB write in multiq_tune()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-21T00:00:00+00:00","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3","id":"CVE-2024-36978"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-22T04:55:12.222Z"}},{"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/d5d9d241786f49ae7cbc08e7fc95a115e9d80f3d","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/52b1aa07cda6a199cd6754d3798c7759023bc70f","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/598572c64287aee0b75bbba4e2881496878860f3","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/0f208fad86631e005754606c3ec80c0d44a11882","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/54c2c171c11a798fe887b3ff72922aa9d1411c1e","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/d6fb5110e8722bc00748f22caeb650fe4672f129","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/affc18fdc694190ca7575b9a86632a73b9fe043d","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T21:55:30.685Z"}}]}}