CVE-2024-46828

Summary

CVE-2024-46828 is a vulnerability affecting the Linux kernel's scheduling subsystem, specifically in the sch_cake component. The issue arises from a flawed interaction between bulk flow accounting logic and hash collision handling in sch_cake's host fairness mode. In this mode, when a hash collision occurs, the state of the affected hash bucket is updated, causing the bulk flow counters of the corresponding host(s) to be decremented. However, these decrements may not belong to the same host anymore due to the hash collision. If the host fairness is disabled at the time of the collision, the decremented value can wrap around to U16_MAX, causing an array out-of-bounds index when host fairness is later enabled. This vulnerability was discovered by the syzbot project and can be triggered by first configuring sch_cake with host fairness disabled, then experiencing a hash collision, and finally enabling host fairness. The patch resolves the issue by introducing a conditional check on decrement, similar to the one used on increment. It's important to note that this vulnerability existed before the upstreaming of cake, but the listed commit in the Fixes tag affected the relevant code. Therefore, this patch won't apply before that commit.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.