{"id":"CVE-2024-36978","summary":"net: sched: sch_multiq: fix possible OOB write in multiq_tune()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: sch_multiq: fix possible OOB write in multiq_tune()\n\nq-\u003ebands will be assigned to qopt-\u003ebands to execute subsequent code logic\nafter kmalloc. So the old q-\u003ebands should not be used in kmalloc.\nOtherwise, an out-of-bounds write will occur.","aliases":["A-349777785","ASB-A-349777785"],"modified":"2026-04-03T13:14:36.871544Z","published":"2024-06-19T06:20:23.103Z","related":["ALSA-2024:8162","SUSE-SU-2024:2372-1","SUSE-SU-2024:2394-1","SUSE-SU-2024:2571-1","SUSE-SU-2024:2896-1","SUSE-SU-2024:2939-1","SUSE-SU-2024:2973-1","SUSE-SU-2025:02264-1","SUSE-SU-2025:02308-1","SUSE-SU-2025:02320-1","SUSE-SU-2025:02321-1","SUSE-SU-2025:02322-1","SUSE-SU-2025:02537-1","SUSE-SU-2025:02821-1","SUSE-SU-2025:02832-1","SUSE-SU-2025:02833-1","SUSE-SU-2025:02834-1","SUSE-SU-2025:02857-1","SUSE-SU-2025:02859-1","SUSE-SU-2025:02860-1","SUSE-SU-2025:02894-1","SUSE-SU-2025:02897-1","SUSE-SU-2025:02909-1","SUSE-SU-2025:02917-1","SUSE-SU-2025:02930-1","SUSE-SU-2025:02932-1","SUSE-SU-2025:02945-1","SUSE-SU-2025:02955-1","SUSE-SU-2025:20008-1","SUSE-SU-2025:20028-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36978.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0f208fad86631e005754606c3ec80c0d44a11882"},{"type":"WEB","url":"https://git.kernel.org/stable/c/52b1aa07cda6a199cd6754d3798c7759023bc70f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/54c2c171c11a798fe887b3ff72922aa9d1411c1e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/598572c64287aee0b75bbba4e2881496878860f3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/affc18fdc694190ca7575b9a86632a73b9fe043d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d5d9d241786f49ae7cbc08e7fc95a115e9d80f3d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d6fb5110e8722bc00748f22caeb650fe4672f129"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36978.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36978"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c2999f7fb05b87da4060e38150c70fa46794d82b"},{"fixed":"d5d9d241786f49ae7cbc08e7fc95a115e9d80f3d"},{"fixed":"52b1aa07cda6a199cd6754d3798c7759023bc70f"},{"fixed":"598572c64287aee0b75bbba4e2881496878860f3"},{"fixed":"0f208fad86631e005754606c3ec80c0d44a11882"},{"fixed":"54c2c171c11a798fe887b3ff72922aa9d1411c1e"},{"fixed":"d6fb5110e8722bc00748f22caeb650fe4672f129"},{"fixed":"affc18fdc694190ca7575b9a86632a73b9fe043d"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36978.json"}}],"schema_version":"1.7.5"}