CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (!4583) · Merge requests · Red Hat / centos-stream / src / kernel / centos-stream-9

CKI Backport Bot requested to merge redhat/red-hat-ci-tools/kernel/bot-branches/centos-stream-9:backport-RHEL-43470-centos-stream-9-main into main Jun 25, 2024

JIRA: https://issues.redhat.com/browse/RHEL-43470
CVE: CVE-2024-36978

net: sched: sch_multiq: fix possible OOB write in multiq_tune()

q->bands will be assigned to qopt->bands to execute subsequent code logic
after kmalloc. So the old q->bands should not be used in kmalloc.
Otherwise, an out-of-bounds write will occur.

Fixes: c2999f7fb05b ("net: sched: multiq: don't call qdisc_put() while holding tree lock")
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Acked-by: Cong Wang <cong.wang@bytedance.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit affc18fdc694190ca7575b9a86632a73b9fe043d)

Signed-off-by: cki-backport-bot cki-ci-bot+cki-gitlab-backport-bot@redhat.com

CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune()

Merge request reports