CVE-2024-36978

Advisory lineage Upstream: 0 Downstream: 59

Downstream

DEBIAN-CVE-2024-36978 DLA-4008-1 DSA-5730-1 DSA-5731-1 RHSA-2024:4823 RHSA-2024:4831

Modified

Published: 19 Jun 2024, 06:20

Last modified:12 May 2026, 11:54

Vulnerability Summary

Overall Risk (default)

medium

31/100

CVSS Score

7.8 HIGH

v3.1 (nvd)

EPSS Score

0.03% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

19 Jun 2024, 06:20

Published

Vulnerability first disclosed

12 May 2026, 11:54

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: net: sched: sch_multiq: fix possible OOB write in multiq_tune() q->bands will be assigned to qopt->bands to execute subsequent code logic after kmalloc. So the old q->bands should not be used in kmalloc. Otherwise, an out-of-bounds write will occur.

CVSS Metrics

v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.03%• Percentile: 9%

Techniques & Countermeasures

CWE-787•Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

Affected Systems

linux•linux
≥ c2999f7fb05b87da4060e38150c70fa46794d82b, < d5d9d241786f49ae7cbc08e7fc95a115e9d80f3d | ≥ c2999f7fb05b87da4060e38150c70fa46794d82b, < 52b1aa07cda6a199cd6754d3798c7759023bc70f | ≥ c2999f7fb05b87da4060e38150c70fa46794d82b, < 598572c64287aee0b75bbba4e2881496878860f3 | ≥ c2999f7fb05b87da4060e38150c70fa46794d82b, < 0f208fad86631e005754606c3ec80c0d44a11882 | ≥ c2999f7fb05b87da4060e38150c70fa46794d82b, < 54c2c171c11a798fe887b3ff72922aa9d1411c1e | ≥ c2999f7fb05b87da4060e38150c70fa46794d82b, < d6fb5110e8722bc00748f22caeb650fe4672f129 | ≥ c2999f7fb05b87da4060e38150c70fa46794d82b, < affc18fdc694190ca7575b9a86632a73b9fe043d | 5.4
linux•linux_kernel
≥ 5.4, < 5.4.279 | ≥ 5.5, < 5.10.221 | ≥ 5.11, < 5.15.162 | ≥ 5.16, < 6.1.95 | ≥ 6.2, < 6.6.35 | ≥ 6.7, < 6.9.6 | 6.10:rc1 | 6.10:rc2