CVE-2024-36978 Information

Description

In the Linux kernel the following vulnerability has been resolved:

net: sched: sch_multiq: fix possible OOB write in multiq_tune()

q->bands will be assigned to qopt->bands to execute subsequent code logic after kmalloc. So the old q->bands should not be used in kmalloc. Otherwise an out-of-bounds write will occur.

Reference

https://git.kernel.org/stable/c/affc18fdc694190ca7575b9a86632a73b9fe043d