Description
In the Linux kernel, the following vulnerability has been resolved: net_sched: keep alloc_hash updated after hash allocation In commit 599be01ee567 ("net_sched: fix an OOB access in cls_tcindex") I moved cp->hash calculation before the first tcindex_alloc_perfect_hash(), but cp->alloc_hash is left untouched. This difference could lead to another out of bound access. cp->alloc_hash should always be the size allocated, we should update it after this tcindex_alloc_perfect_hash().
References (9)
Core 9
Core References
Third Party Advisory
https://blog.cdthoughts.ch/2021/03/16/syzbot-bug.html
Scores
CVSS v3
7.1
EPSS
0.0015
EPSS Percentile
4.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Details
CWE
CWE-125
Status
published
Products (15)
Linux/Linux
2c66ff8d08f81bcf8e8cb22e31e39c051b15336a - bd3ee8fb6371b45c71c9345cc359b94da2ddefa9
Linux/Linux
4.14.171 - 4.14.175
Linux/Linux
4.19.103 - 4.19.114
Linux/Linux
4.4.214 - 4.4.218
Linux/Linux
4.9.214 - 4.9.218
Linux/Linux
478c4b2ffd44e5186c7e22ae7c38a86a5b9cfde5 - 557d015ffb27b672e24e6ad141fd887783871dc2
Linux/Linux
5.4.19 - 5.4.29
Linux/Linux
5.5.3 - 5.5.14
Linux/Linux
599be01ee567b61f4471ee8078870847d0a11e8e - 0d1c3530e1bd38382edef72591b78e877e0edcd3
Linux/Linux
6cb448ee493c8a514c9afa0c346f3f5b3227de85 - 9f8b6c44be178c2498a00b270872a6e30e7c8266
... and 5 more
Published
May 07, 2025
Tracked Since
Feb 18, 2026