CVE-2024-53164 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/33db36b3c53d0fda2699ea39ba72bee4de8336e8
https://git.kernel.org/stable/c/44782565e1e6174c94bddfa72ac7267cd09c1648
https://git.kernel.org/stable/c/489422e2befff88a1de52b2acebe7b333bded025
https://git.kernel.org/stable/c/5e473f462a16f1a34e49ea4289a667d2e4f35b52
https://git.kernel.org/stable/c/5eb7de8cd58e73851cd37ff8d0666517d9926948
https://git.kernel.org/stable/c/97e13434b5da8e91bdf965352fad2141d13d72d3
https://git.kernel.org/stable/c/e3e54ad9eff8bdaa70f897e5342e34b76109497f
https://lore.kernel.org/linux-cve-announce/2024122746-CVE-2024-53164-752a@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-53164
https://www.cve.org/CVERecord?id=CVE-2024-53164

History

Thu, 13 Feb 2025 00:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-459
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`	cvssV3_1 `{'score': 4.1, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Thu, 09 Jan 2025 15:45:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/33db36b3c53d0fda2699ea39ba72bee4de8336e8 https://git.kernel.org/stable/c/44782565e1e6174c94bddfa72ac7267cd09c1648 https://git.kernel.org/stable/c/5e473f462a16f1a34e49ea4289a667d2e4f35b52

Thu, 09 Jan 2025 14:00:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2024122746-CVE-2024-53164-752a@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2024-53164 https://www.cve.org/CVERecord?id=CVE-2024-53164
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Fri, 27 Dec 2024 13:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.
Title		net: sched: fix ordering of qlen adjustment
References		https://git.kernel.org/stable/c/489422e2befff88a1de52b2acebe7b333bded025 https://git.kernel.org/stable/c/5eb7de8cd58e73851cd37ff8d0666517d9926948 https://git.kernel.org/stable/c/97e13434b5da8e91bdf965352fad2141d13d72d3 https://git.kernel.org/stable/c/e3e54ad9eff8bdaa70f897e5342e34b76109497f

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-12-27T13:38:43.407Z

Updated: 2025-01-20T06:20:18.995Z

Reserved: 2024-11-19T17:17:25.004Z

Link: CVE-2024-53164

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2024-12-27T14:15:23.480

Modified: 2025-01-09T16:16:21.297

Link: CVE-2024-53164

Redhat

Severity : Low

Publid Date: 2024-12-27T00:00:00Z

Links: CVE-2024-53164 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object