PT-2024-27498 · Linux+8 · Linux Kernel+8

Syzkaller +2

Published: 2024-05-17 · Updated: 2025-09-29 · CVE-2024-37356

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.37

Description

A vulnerability in the Linux kernel has been resolved: a shift-out-of-bounds issue in the dctcp_update_alpha() function. It occurs when the dctcp_shift_g module parameter is set to a value that is too large, which produces a shift exponent too large for a 32-bit type. The issue was triggered by the syzkaller tool, which started fuzzing module parameters. The vulnerability can be exploited by setting the dctcp_shift_g parameter to a value of 100, which is too large for the 32-bit type. The fix limits the maximum value of dctcp_shift_g using the param_set_uint_minmax() function.

Recommendations

To resolve this issue, update the Linux kernel to version 6.6.37 or later. As a temporary workaround, consider limiting the maximum value of the dctcp_shift_g module parameter to prevent shift-out-of-bounds issues.
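
The fix pattern described above, as an added userspace illustration (not the kernel's code): a range-checked setter rejects an oversized shift value before it can reach the alpha update. The names set_shift_g, update_alpha, SHIFT_G_MAX and ALPHA_MAX, the bound of 10 and the simplified update formula are assumptions made for this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define SHIFT_G_MAX 10u   /* assumed bound for this example; must stay below 32 */
#define ALPHA_MAX   1024u /* alpha is modelled as 10-bit fixed point */

static unsigned int shift_g = 4; /* stands in for the dctcp_shift_g parameter */

/* Range-checked setter in the spirit of param_set_uint_minmax():
 * parse, check against [0, SHIFT_G_MAX], and only then store. */
int set_shift_g(const char *val)
{
    char *end;
    unsigned long v;

    errno = 0;
    v = strtoul(val, &end, 0);
    if (errno || end == val || *end != '\0')
        return -EINVAL;
    if (v > SHIFT_G_MAX)
        return -ERANGE;   /* rejected: the old value stays in effect */
    shift_g = (unsigned int)v;
    return 0;
}

/* Model update alpha = (1 - g) * alpha + g * F with g = 2^-shift_g.
 * Both shifts are defined only because shift_g < 32 is guaranteed above. */
uint32_t update_alpha(uint32_t alpha, uint32_t marked, uint32_t delivered)
{
    uint32_t f = (uint32_t)(((uint64_t)marked << 10) / (delivered ? delivered : 1));

    alpha -= alpha >> shift_g;
    alpha += f >> shift_g;
    return alpha > ALPHA_MAX ? ALPHA_MAX : alpha;
}

int main(void)
{
    printf("set 100 -> %d\n", set_shift_g("100")); /* constructed input */
    printf("set 10  -> %d\n", set_shift_g("10"));
    printf("alpha   -> %u\n", update_alpha(1024, 0, 1));
    return 0;
}
```

Without the range check, a stored value of 32 or more would make `alpha >> shift_g` undefined behaviour in C on a 32-bit operand, which is the condition UBSAN reports as shift-out-of-bounds.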

Exploit

Fix

DoS

Out of bounds Read

Integer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2024:5363
ALSA-2024:7000
ALSA-2024:7001
ALSA-2025_16880
BDU:2025-04189
CESA-2024_7000
CESA-2024_7001
CVE-2024-37356
DLA-3840-1
DSA-5730-1
INFSA-2024_5363
INFSA-2024_7000
INFSA-2024_7001
MGASA-2024-0263
MGASA-2024-0266
OESA-2024-1792
OESA-2024-1795
OESA-2024-1796
OESA-2024-1835
OESA-2024-1836
RHSA-2024:10772
RHSA-2024:10773
RHSA-2024:5363
RHSA-2024:6206
RHSA-2024:7000
RHSA-2024:7001
RHSA-2024_5363
RHSA-2024_7000
RHSA-2024_7001
RLSA-2024:5363
RLSA-2024:7001
USN-6951-1
USN-6951-2
USN-6951-3
USN-6951-4
USN-6953-1
USN-6979-1
USN-6999-1
USN-6999-2
USN-7004-1
USN-7005-1
USN-7005-2
USN-7007-1
USN-7007-2
USN-7007-3
USN-7008-1
USN-7009-1
USN-7009-2
USN-7019-1
USN-7029-1

Affected Products

Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Ubuntu