{"id":"CVE-2024-36244","summary":"net/sched: taprio: extend minimum interval restriction to entire cycle too","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: taprio: extend minimum interval restriction to entire cycle too\n\nIt is possible for syzbot to side-step the restriction imposed by the\nblamed commit in the Fixes: tag, because the taprio UAPI permits a\ncycle-time different from (and potentially shorter than) the sum of\nentry intervals.\n\nWe need one more restriction, which is that the cycle time itself must\nbe larger than N * ETH_ZLEN bit times, where N is the number of schedule\nentries. This restriction needs to apply regardless of whether the cycle\ntime came from the user or was the implicit, auto-calculated value, so\nwe move the existing \"cycle == 0\" check outside the \"if \"(!new-\u003ecycle_time)\"\nbranch. This way covers both conditions and scenarios.\n\nAdd a selftest which illustrates the issue triggered by syzbot.","modified":"2026-04-16T04:32:55.685040498Z","published":"2024-06-21T10:18:06.373Z","related":["ALSA-2024:8617","SUSE-SU-2024:3983-1","SUSE-SU-2024:3984-1","SUSE-SU-2024:3985-1","SUSE-SU-2024:3986-1","SUSE-SU-2024:4318-1","SUSE-SU-2024:4364-1","SUSE-SU-2024:4387-1","SUSE-SU-2025:20163-1","SUSE-SU-2025:20164-1","SUSE-SU-2025:20246-1","SUSE-SU-2025:20247-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36244.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/34d83c3e6e97867ae061d14eb52123404aab1cbc"},{"type":"WEB","url":"https://git.kernel.org/stable/c/91f249b01fe490fce11fbb4307952ca8cce78724"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b939d1e04a90248b4cdf417b0969c270ceb992b2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fb66df20a7201e60f2b13d7f95d031b31a8831d3"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36244.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36244"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"b5b73b26b3ca34574124ed7ae9c5ba8391a7f176"},{"fixed":"34d83c3e6e97867ae061d14eb52123404aab1cbc"},{"fixed":"b939d1e04a90248b4cdf417b0969c270ceb992b2"},{"fixed":"91f249b01fe490fce11fbb4307952ca8cce78724"},{"fixed":"fb66df20a7201e60f2b13d7f95d031b31a8831d3"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"83bd58952b2b8543d8c48d1453975ab47a0a7504"},{"last_affected":"817ff50796c5e364c879596509f83fcba194bb6f"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36244.json"}}],"schema_version":"1.7.5"}