PT-2024-26927 · Linux+9 · Linux Kernel+9

Syzbot · Published 2024-05-27 · Updated 2026-05-26 · CVE-2024-36244

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.37

Description

The issue is related to the net/sched: taprio component of the Linux kernel, where the taprio UAPI allows a cycle-time different from the sum of entry intervals. This can be exploited by syzbot, which can side-step the restriction imposed by the blamed commit. To address this, a new restriction is added to ensure the cycle time itself is larger than N * ETH_ZLEN bit times, where N is the number of schedule entries. This restriction applies regardless of whether the cycle time came from the user or was the implicit, auto-calculated value.

Recommendations

Update to Linux kernel version 6.6.37 or later to resolve the issue. As a temporary workaround, consider restricting access to the taprio UAPI to minimize the risk of exploitation.

Related Identifiers

ALSA-2024:8617
ALSA-2025_16880
AZL-68057
BDU:2025-08075
CVE-2024-36244
DLA-4008-1
DSA-5818-1
INFSA-2024_8617
MGASA-2024-0263
MGASA-2024-0266
OESA-2024-2292
OESA-2024-2293
OESA-2024-2295
OESA-2024-2296
OPENSUSE-SU-2024_3983-1
OPENSUSE-SU-2024_3984-1
OPENSUSE-SU-2024_3985-1
OPENSUSE-SU-2024_3986-1
RHSA-2024:8157
RHSA-2024:8158
RHSA-2024:8617
RHSA-2024_8617
RLSA-2024:8617
SUSE-SU-2024:3983-1
SUSE-SU-2024:3984-1
SUSE-SU-2024:3985-1
SUSE-SU-2024:3986-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4364-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
USN-6999-1
USN-6999-2
USN-7004-1
USN-7005-1
USN-7005-2
USN-7008-1
USN-7029-1

Affected Products

Almalinux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu