CVE-2024-36244 in Linux
Summary
by MITRE • 06/21/2024
In the Linux kernel, the following vulnerability has been resolved:
net/sched: taprio: extend minimum interval restriction to entire cycle too
It is possible for syzbot to side-step the restriction imposed by the blamed commit in the Fixes: tag, because the taprio UAPI permits a cycle-time different from (and potentially shorter than) the sum of entry intervals.
We need one more restriction, which is that the cycle time itself must be larger than N * ETH_ZLEN bit times, where N is the number of schedule entries. This restriction needs to apply regardless of whether the cycle time came from the user or was the implicit, auto-calculated value, so we move the existing "cycle == 0" check outside the "if (!new->cycle_time)" branch. This way covers both conditions and scenarios.
Add a selftest which illustrates the issue triggered by syzbot.
Analysis
by VulDB Data Team • 10/01/2025
The vulnerability CVE-2024-36244 affects the Linux kernel's traffic control subsystem, specifically within the taprio (Time Aware Round Robin) implementation used for deterministic networking applications. This issue resides in the network scheduling layer where the kernel handles time-sensitive traffic patterns for industrial automation and real-time communication systems. The taprio scheduler is designed to provide deterministic packet scheduling with precise timing control, making it critical for applications requiring strict timing guarantees such as industrial ethernet protocols and automotive networking systems. The vulnerability stems from insufficient validation of scheduling parameters that could lead to malformed traffic scheduling configurations.
The technical flaw occurs in the validation logic of the taprio scheduler where the cycle time parameter validation was incomplete. While the original fix addressed restrictions on individual entry intervals, it failed to account for the scenario where the total cycle time could be artificially shortened to bypass these protections. The system allows users to specify cycle times that are shorter than the sum of individual entry intervals, creating a potential for invalid scheduling states. This design gap enables malicious or faulty input to circumvent existing safety checks, particularly when the cycle time is set to values that are mathematically valid but practically problematic for network hardware implementation.
The operational impact of this vulnerability extends beyond simple denial of service conditions to potentially compromise network determinism and real-time performance guarantees. When exploited, the vulnerability could cause network hardware to enter inconsistent states where packet scheduling becomes unpredictable or fails entirely. This is particularly concerning in industrial control systems where deterministic behavior is essential for safety-critical operations. The vulnerability affects systems using the taprio scheduler for time-sensitive networking, potentially impacting automotive systems, industrial automation, and real-time communication infrastructure. Network administrators and system integrators using Linux-based real-time systems should be aware that their network scheduling configurations may be vulnerable to manipulation that could disrupt critical timing requirements.
The fix implemented addresses the root cause by introducing a comprehensive restriction that applies to the cycle time regardless of its source or calculation method. The solution moves the cycle time validation outside of conditional branches to ensure both user-specified and auto-calculated values undergo the same validation checks. This approach prevents the scenario where a cycle time could be set to values that are smaller than the minimum required bit times for the number of schedule entries, specifically requiring the cycle time to be larger than N times the ETH_ZLEN bit times where N represents the number of schedule entries. The fix includes a selftest that demonstrates the specific conditions under which syzbot could exploit this vulnerability, providing a clear example of the problematic behavior that the patch addresses. This vulnerability aligns with CWE-129 Input Validation and CWE-691 Insufficient Control Flow Management, and could be categorized under ATT&CK technique T1489, as it affects system integrity and network functionality. The mitigation ensures that all taprio scheduling configurations maintain sufficient temporal granularity to prevent hardware-level scheduling conflicts and maintain deterministic network behavior across all operational scenarios.
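The validation gap and its correction can be modelled in user space. The following is an added example, not the kernel's code: the struct, function names and sample schedules are hypothetical, the link is assumed to run at 1 Gb/s (8 ns per byte), and accepting a cycle exactly equal to N minimum frames is an assumption of this model.

```c
#include <stdint.h>
#include <stdio.h>

#define ETH_ZLEN 60  /* minimum Ethernet frame length in bytes (without FCS) */

struct sched {
    const int64_t *interval_ns;  /* per-entry gate intervals */
    size_t n;                    /* N, number of schedule entries */
    int64_t cycle_time_ns;       /* 0 = not given, derive from the entries */
};

/* Sum of intervals, or -1 if any entry is shorter than one minimum frame. */
static int64_t sum_entries(const struct sched *s, int64_t min_ns)
{
    int64_t sum = 0;
    for (size_t i = 0; i < s->n; i++) {
        if (s->interval_ns[i] < min_ns)
            return -1;
        sum += s->interval_ns[i];
    }
    return sum;
}

/* Earlier logic: per-entry minimum; zero check only on the auto-calculated cycle. */
static int validate_before(const struct sched *s, int64_t ns_per_byte)
{
    int64_t sum = sum_entries(s, ETH_ZLEN * ns_per_byte);
    return (sum < 0 || (!s->cycle_time_ns && sum == 0)) ? -1 : 0;
}

/* Extended logic: the effective cycle, user-given or derived, must cover N minimum frames. */
static int validate_after(const struct sched *s, int64_t ns_per_byte)
{
    int64_t min_ns = ETH_ZLEN * ns_per_byte, sum = sum_entries(s, min_ns);
    int64_t cycle = s->cycle_time_ns ? s->cycle_time_ns : sum;
    return (sum < 0 || cycle < (int64_t)s->n * min_ns) ? -1 : 0;
}

/* Constructed schedules: three 500 ns entries; at 8 ns per byte the minimum is 480 ns. */
static const int64_t demo_iv[] = { 500, 500, 500 };
static const struct sched auto_cycle  = { demo_iv, 3, 0 };    /* cycle derived: 1500 ns */
static const struct sched short_cycle = { demo_iv, 3, 100 };  /* explicit cycle < 3 * 480 ns */

int main(void)
{
    printf("auto cycle:  before=%d after=%d\n", validate_before(&auto_cycle, 8), validate_after(&auto_cycle, 8));
    printf("short cycle: before=%d after=%d\n", validate_before(&short_cycle, 8), validate_after(&short_cycle, 8));
    return 0;
}
```

The schedule with an explicit 100 ns cycle passes the per-entry check alone and is rejected once the check covers the whole cycle; the schedule with a derived cycle is accepted by both.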