Description
In the Linux kernel, the following vulnerability has been resolved: net/sched: Abort __tc_modify_qdisc if parent class does not exist Lion's patch [1] revealed an ancient bug in the qdisc API. Whenever a user creates/modifies a qdisc specifying as a parent another qdisc, the qdisc API will, during grafting, detect that the user is not trying to attach to a class and reject. However grafting is performed after qdisc_create (and thus the qdiscs' init callback) is executed. In qdiscs that eventually call qdisc_tree_reduce_backlog during init or change (such as fq, hhf, choke, etc), an issue arises. For example, executing the following commands: sudo tc qdisc add dev lo root handle a: htb default 2 sudo tc qdisc add dev lo parent a: handle beef fq Qdiscs such as fq, hhf, choke, etc unconditionally invoke qdisc_tree_reduce_backlog() in their control path init() or change() which then causes a failure to find the child class; however, that does not stop the unconditional invocation of the assumed child qdisc's qlen_notify with a null class. All these qdiscs make the assumption that class is non-null. The solution is ensure that qdisc_leaf() which looks up the parent class, and is invoked prior to qdisc_create(), should return failure on not finding the class. In this patch, we leverage qdisc_leaf to return ERR_PTRs whenever the parentid doesn't correspond to a class, so that we can detect it earlier on and abort before qdisc_create is called. [1] https://lore.kernel.org/netdev/[email protected]/
Details
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Packages
| Software | From version | Fixed in |
|---|---|---|
| linux | — | 6.8.0-100.100 |
| linux-allwinner-5.19 | — | — |
| linux-aws | — | 6.8.0-1046.49 |
| linux-aws-5.0 | — | — |
| linux-aws-5.11 | — | — |
| linux-aws-5.13 | — | — |
| linux-aws-5.15 | — | 5.15.0-1092.99~20.04.1 |
| linux-aws-5.19 | — | — |
| linux-aws-5.3 | — | — |
| linux-aws-5.4 | — | — |
| linux-aws-5.8 | — | — |
| linux-aws-6.14 | — | 6.14.0-1017.17~24.04.1 |
| linux-aws-6.2 | — | — |
| linux-aws-6.5 | — | — |
| linux-aws-6.8 | — | 6.8.0-1046.49~22.04.1 |
| linux-aws-fips | — | 6.8.0-1046.49+fips1 |
| linux-aws-hwe | — | — |
| linux-azure | — | 6.8.0-1046.52 |
| linux-azure-4.15 | — | — |
| linux-azure-5.11 | — | — |
| linux-azure-5.13 | — | — |
| linux-azure-5.15 | — | 5.15.0-1096.105~20.04.1 |
| linux-azure-5.19 | — | — |
| linux-azure-5.3 | — | — |
| linux-azure-5.4 | — | — |
| linux-azure-5.8 | — | — |
| linux-azure-6.11 | — | — |
| linux-azure-6.14 | — | 6.14.0-1017.17~24.04.1 |
| linux-azure-6.2 | — | — |
| linux-azure-6.5 | — | — |
| linux-azure-6.8 | — | 6.8.0-1051.57~22.04.1 |
| linux-azure-edge | — | — |
| linux-azure-fde | — | — |
| linux-azure-fde-5.19 | — | — |
| linux-azure-fde-6.14 | — | — |
| linux-azure-fde-6.17 | — | — |
| linux-azure-fde-6.2 | — | — |
| linux-azure-fde-6.8 | — | — |
| linux-azure-fips | — | 6.8.0-1046.52+fips1 |
| linux-azure-nvidia | — | — |
| linux-azure-nvidia-6.14 | — | — |
| linux-bluefield | — | — |
| linux-fips | — | 6.8.0-100.100+fips1 |
| linux-gcp | — | 6.8.0-1047.50 |
| linux-gcp-4.15 | — | — |
| linux-gcp-5.11 | — | — |
| linux-gcp-5.13 | — | — |
| linux-gcp-5.15 | — | 5.15.0-1092.101~20.04.1 |
| linux-gcp-5.19 | — | — |
| linux-gcp-5.3 | — | — |
| linux-gcp-5.4 | — | — |
| linux-gcp-5.8 | — | — |
| linux-gcp-6.11 | — | — |
| linux-gcp-6.14 | — | 6.14.0-1020.21~24.04.1 |
| linux-gcp-6.2 | — | — |
| linux-gcp-6.5 | — | — |
| linux-gcp-6.8 | — | 6.8.0-1047.50~22.04.2 |
| linux-gcp-fips | — | 6.8.0-1047.50+fips1 |
| linux-gke | — | 6.8.0-1043.48 |
| linux-gke-4.15 | — | — |
| linux-gke-5.15 | — | — |
| linux-gke-5.4 | — | — |
| linux-gkeop | — | 6.8.0-1030.33 |
| linux-gkeop-5.15 | — | — |
| linux-gkeop-5.4 | — | — |
| linux-hwe | — | — |
| linux-hwe-5.11 | — | — |
| linux-hwe-5.13 | — | — |
| linux-hwe-5.15 | — | 5.15.0-156.166~20.04.1 |
| linux-hwe-5.19 | — | — |
| linux-hwe-5.4 | — | — |
| linux-hwe-5.8 | — | — |
| linux-hwe-6.11 | — | — |
| linux-hwe-6.2 | — | — |
| linux-hwe-6.5 | — | — |
| linux-hwe-6.8 | — | 6.8.0-100.100~22.04.1 |
| linux-hwe-edge | — | — |
| linux-ibm | — | 6.8.0-1044.44 |
| linux-ibm-5.15 | — | 5.15.0-1086.89~20.04.1 |
| linux-ibm-5.4 | — | — |
| linux-ibm-6.8 | — | 6.8.0-1044.44~22.04.1 |
| linux-intel | — | — |
| linux-intel-5.13 | — | — |
| linux-intel-iot-realtime | — | 5.15.0-1085.87 |
| linux-intel-iotg | — | 5.15.0-1087.93 |
| linux-intel-iotg-5.15 | — | 5.15.0-1087.93~20.04.1 |
| linux-iot | — | — |
| linux-kvm | — | 5.15.0-1088.93 |
| linux-lowlatency | — | 6.8.0-100.100.1 |
| linux-lowlatency-hwe-5.15 | — | 5.15.0-156.166~20.04.1 |
| linux-lowlatency-hwe-5.19 | — | — |
| linux-lowlatency-hwe-6.11 | — | — |
| linux-lowlatency-hwe-6.2 | — | — |
| linux-lowlatency-hwe-6.5 | — | — |
| linux-lowlatency-hwe-6.8 | — | 6.8.0-100.100.1~22.04.1 |
| linux-lts-xenial | — | — |
| linux-nvidia | — | 6.8.0-1046.49 |
| linux-nvidia-6.11 | — | — |
| linux-nvidia-6.2 | — | — |
| linux-nvidia-6.5 | — | — |
| linux-nvidia-6.8 | — | 6.8.0-1046.49~22.04.1 |
| linux-nvidia-lowlatency | — | 6.8.0-1046.49.1 |
| linux-nvidia-tegra | — | 6.8.0-1020.20 |
| linux-nvidia-tegra-5.15 | — | 5.15.0-1045.45~20.04.1 |
| linux-nvidia-tegra-igx | — | 5.15.0-1034.34 |
| linux-oem | — | — |
| linux-oem-5.10 | — | — |
| linux-oem-5.13 | — | — |
| linux-oem-5.14 | — | — |
| linux-oem-5.17 | — | — |
| linux-oem-5.6 | — | — |
| linux-oem-6.0 | — | — |
| linux-oem-6.1 | — | — |
| linux-oem-6.11 | — | — |
| linux-oem-6.14 | — | 6.14.0-1016.16 |
| linux-oem-6.5 | — | — |
| linux-oem-6.8 | — | — |
| linux-oracle | — | 6.8.0-1043.44 |
| linux-oracle-5.0 | — | — |
| linux-oracle-5.11 | — | — |
| linux-oracle-5.13 | — | — |
| linux-oracle-5.15 | — | 5.15.0-1090.96~20.04.1 |
| linux-oracle-5.3 | — | — |
| linux-oracle-5.4 | — | — |
| linux-oracle-5.8 | — | — |
| linux-oracle-6.14 | — | 6.14.0-1017.17~24.04.1 |
| linux-oracle-6.5 | — | — |
| linux-oracle-6.8 | — | 6.8.0-1043.44~22.04.1 |
| linux-raspi | — | 6.8.0-1047.51 |
| linux-raspi-5.4 | — | — |
| linux-raspi-realtime | — | 6.8.0-2037.38 |
| linux-raspi2 | — | — |
| linux-realtime | — | 6.8.1-1041.42 |
| linux-realtime-6.14 | — | 6.14.0-1016.16~24.04.1 |
| linux-realtime-6.8 | — | 6.8.1-1041.42~22.04.1 |
| linux-riscv | — | — |
| linux-riscv-5.11 | — | — |
| linux-riscv-5.15 | — | 5.15.0-1087.91~20.04.1 |
| linux-riscv-5.19 | — | — |
| linux-riscv-5.8 | — | — |
| linux-riscv-6.14 | — | 6.14.0-36.36.1~24.04.1 |
| linux-riscv-6.5 | — | — |
| linux-riscv-6.8 | — | 6.8.0-100.100~22.04.1 |
| linux-starfive-5.19 | — | — |
| linux-starfive-6.2 | — | — |
| linux-starfive-6.5 | — | — |
| linux-xilinx | — | 6.8.0-1023.24 |
| linux-xilinx-zynqmp | — | 5.15.0-1056.60 |
References
Similar Threats
- Unknown CGA-23jx-hhcx-m389
- Unknown CGA-2qp7-6757-fmgc
- Unknown CGA-2rj5-jc55-r267
- Unknown CGA-3m96-cwq8-6xmx
- Unknown CGA-3qj9-973w-fh9g
Free Vulnerability Check
Is your WordPress site affected?
BotEraser helps you identify potentially vulnerable plugins and themes by checking your installation against known CVE records.
Scan My Site Free →No credit card required · Results in minutes
ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.