PT-2024-35609 · Linux · Linux Kernel
Published 2024-12-02 · Updated 2026-01-29
CVE-2024-53164
CVSS v3.1: 5.5 (Medium)
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.74
Description
The issue concerns the Linux kernel's network scheduling subsystem, specifically the qdisc_tree_reduce_backlog() function. Changes to sch->q.qlen around this function must be made before the function is called, so that parent qdiscs are properly notified when a child qdisc is about to become empty. If the counter is updated only after the call, the parent may not be notified.
Recommendations
For versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider modifying the code so that changes to sch->q.qlen happen before qdisc_tree_reduce_backlog() is called. Restrict access to the vulnerable network scheduling subsystem to minimize the risk of exploitation until the update can be applied.
Exploit
Fix
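The ordering rule described above, as an added user-space model written in C for this page (example code, not the kernel's own implementation and not the upstream fix). In the kernel, qdisc_tree_reduce_backlog() decides whether to call the parent's qlen_notify() by looking at the child's current sch->q.qlen, so a caller that decrements the counter only after the call leaves the parent believing the child still holds packets. The struct qdisc below, tree_reduce_backlog(), drop_last_packet(), run_drop() and the single 100-byte packet are constructed for the demonstration and stand in for the real tree walk and class ops.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of a qdisc tree node (not the kernel's struct Qdisc):
 * each node tracks its own queue length and byte backlog and points to its parent. */
struct qdisc {
    struct qdisc *parent;    /* NULL for the root qdisc */
    int qlen;                /* packets queued at this node */
    int backlog;             /* bytes queued at this node */
    bool notified;           /* set when the parent's qlen_notify() ran for this child */
};

/* Model of qdisc_tree_reduce_backlog(): walk up to the root, subtracting n packets
 * and len bytes from every ancestor. The parent is told that the child became
 * empty only if the child's qlen already reads 0 at the time of the walk. */
static void tree_reduce_backlog(struct qdisc *sch, int n, int len)
{
    if (n == 0 && len == 0)
        return;
    while (sch->parent) {
        struct qdisc *parent = sch->parent;
        bool notify = (sch->qlen == 0);   /* the check the ordering rule depends on */
        if (notify)
            sch->notified = true;          /* stands in for cops->qlen_notify(parent, cl) */
        parent->qlen -= n;
        parent->backlog -= len;
        sch = parent;
    }
}

/* A child dropping its last queued packet. With fix_qlen_first == false the
 * tree walk runs while qlen still reads 1 (the buggy ordering), so the parent is
 * never told the child is empty; with true the counters are adjusted first. */
static bool drop_last_packet(struct qdisc *child, int pkt_len, bool fix_qlen_first)
{
    if (fix_qlen_first) {
        child->qlen--;
        child->backlog -= pkt_len;
        tree_reduce_backlog(child, 1, pkt_len);
    } else {
        tree_reduce_backlog(child, 1, pkt_len);
        child->qlen--;
        child->backlog -= pkt_len;
    }
    return child->notified;
}

/* Build a two-level tree holding one 100-byte packet (constructed input) and run
 * one drop. Returns whether the parent was notified of the now-empty child; the
 * byte and packet accounting ends at zero in both orders, only notification differs. */
static bool run_drop(bool fix_qlen_first)
{
    struct qdisc root  = { NULL,  1, 100, false };
    struct qdisc child = { &root, 1, 100, false };
    bool notified = drop_last_packet(&child, 100, fix_qlen_first);

    if (root.qlen != 0 || root.backlog != 0 || child.qlen != 0 || child.backlog != 0)
        return false;
    return notified;
}

int main(void)
{
    printf("reduce_backlog before qlen update: parent notified = %s\n",
           run_drop(false) ? "yes" : "no");
    printf("qlen update before reduce_backlog: parent notified = %s\n",
           run_drop(true) ? "yes" : "no");
    return 0;
}
```

The counters at the parent come out the same either way, which is why the defect is easy to miss in testing: only the missing notification distinguishes the two orders, and it surfaces later, when the parent still treats an empty child class as active.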
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu