CVE-2024-36244 Information

Description

In the Linux kernel the following vulnerability has been resolved:

net/sched: taprio: extend minimum interval restriction to entire cycle too

It is possible for syzbot to side-step the restriction imposed by the blamed commit in the Fixes: tag because the taprio UAPI permits a cycle-time different from (and potentially shorter than) the sum of entry intervals.

We need one more restriction which is that the cycle time itself must be larger than N ETH_ZLEN bit times where N is the number of schedule entries. This restriction needs to apply regardless of whether the cycle time came from the user or was the implicit auto-calculated value so we move the existing ## Reference https://git.kernel.org/stable/c/b939d1e04a90248b4cdf417b0969c270ceb992b2 https://git.kernel.org/stable/c/91f249b01fe490fce11fbb4307952ca8cce78724 https://git.kernel.org/stable/c/fb66df20a7201e60f2b13d7f95d031b31a8831d3