Ubuntu: (Multiple Advisories) (CVE-2024-36244): Linux kernel vulnerabilities

Ubuntu: (Multiple Advisories) (CVE-2024-36244): Linux kernel vulnerabilities

Severity

4

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

06/21/2024

Created

09/13/2024

Added

09/12/2024

Modified

09/25/2024

Description

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: extend minimum interval restriction to entire cycle too It is possible for syzbot to side-step the restriction imposed by the blamed commit in the Fixes: tag, because the taprio UAPI permits a cycle-time different from (and potentially shorter than) the sum of entry intervals. We need one more restriction, which is that the cycle time itself must be larger than N * ETH_ZLEN bit times, where N is the number of schedule entries. This restriction needs to apply regardless of whether the cycle time came from the user or was the implicit, auto-calculated value, so we move the existing "cycle == 0" check outside the "if "(!new->cycle_time)" branch. This way covers both conditions and scenarios. Add a selftest which illustrates the issue triggered by syzbot.

Solution(s)

• ubuntu-upgrade-linux-image-6-8-0-1010-gke
• ubuntu-upgrade-linux-image-6-8-0-1011-raspi
• ubuntu-upgrade-linux-image-6-8-0-1012-ibm
• ubuntu-upgrade-linux-image-6-8-0-1012-oem
• ubuntu-upgrade-linux-image-6-8-0-1012-oracle
• ubuntu-upgrade-linux-image-6-8-0-1012-oracle-64k
• ubuntu-upgrade-linux-image-6-8-0-1013-nvidia
• ubuntu-upgrade-linux-image-6-8-0-1013-nvidia-64k
• ubuntu-upgrade-linux-image-6-8-0-1013-nvidia-lowlatency
• ubuntu-upgrade-linux-image-6-8-0-1013-nvidia-lowlatency-64k
• ubuntu-upgrade-linux-image-6-8-0-1014-azure
• ubuntu-upgrade-linux-image-6-8-0-1014-azure-fde
• ubuntu-upgrade-linux-image-6-8-0-1014-gcp
• ubuntu-upgrade-linux-image-6-8-0-1015-aws
• ubuntu-upgrade-linux-image-6-8-0-44-generic
• ubuntu-upgrade-linux-image-6-8-0-44-generic-64k
• ubuntu-upgrade-linux-image-6-8-0-44-lowlatency
• ubuntu-upgrade-linux-image-6-8-0-44-lowlatency-64k
• ubuntu-upgrade-linux-image-6-8-0-45-generic
• ubuntu-upgrade-linux-image-6-8-0-45-generic-64k
• ubuntu-upgrade-linux-image-aws
• ubuntu-upgrade-linux-image-azure
• ubuntu-upgrade-linux-image-azure-fde
• ubuntu-upgrade-linux-image-gcp
• ubuntu-upgrade-linux-image-generic
• ubuntu-upgrade-linux-image-generic-64k
• ubuntu-upgrade-linux-image-generic-64k-hwe-22-04
• ubuntu-upgrade-linux-image-generic-64k-hwe-24-04
• ubuntu-upgrade-linux-image-generic-hwe-22-04
• ubuntu-upgrade-linux-image-generic-hwe-24-04
• ubuntu-upgrade-linux-image-generic-lpae
• ubuntu-upgrade-linux-image-gke
• ubuntu-upgrade-linux-image-ibm
• ubuntu-upgrade-linux-image-ibm-classic
• ubuntu-upgrade-linux-image-ibm-lts-24-04
• ubuntu-upgrade-linux-image-kvm
• ubuntu-upgrade-linux-image-lowlatency
• ubuntu-upgrade-linux-image-lowlatency-64k
• ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04
• ubuntu-upgrade-linux-image-lowlatency-hwe-22-04
• ubuntu-upgrade-linux-image-nvidia
• ubuntu-upgrade-linux-image-nvidia-6-8
• ubuntu-upgrade-linux-image-nvidia-64k
• ubuntu-upgrade-linux-image-nvidia-64k-6-8
• ubuntu-upgrade-linux-image-nvidia-lowlatency
• ubuntu-upgrade-linux-image-nvidia-lowlatency-64k
• ubuntu-upgrade-linux-image-oem-22-04
• ubuntu-upgrade-linux-image-oem-22-04a
• ubuntu-upgrade-linux-image-oem-22-04b
• ubuntu-upgrade-linux-image-oem-22-04c
• ubuntu-upgrade-linux-image-oem-22-04d
• ubuntu-upgrade-linux-image-oracle
• ubuntu-upgrade-linux-image-oracle-64k
• ubuntu-upgrade-linux-image-raspi
• ubuntu-upgrade-linux-image-virtual
• ubuntu-upgrade-linux-image-virtual-hwe-22-04
• ubuntu-upgrade-linux-image-virtual-hwe-24-04

References

• https://attackerkb.com/topics/cve-2024-36244
• CVE - 2024-36244
• USN-6999-1
• USN-6999-2
• USN-7004-1
• USN-7005-1
• USN-7005-2
• USN-7008-1
• USN-7029-1

View more