CVE-2024-56770: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-56770 affects the Linux kernel's network scheduler (netem) component. The vulnerability was disclosed in January 2024 and impacts Linux kernel versions from 3.3 through 6.12.6. The issue occurs in the netem qdisc (queuing discipline) when used with a child qdisc, where incorrect packet counting can lead to a network interface lockup (NVD).

The vulnerability stems from improper packet counting in the netem qdisc's internal tfifo (timing first-in-first-out queue). When netem is used with a child qdisc, the child can use 'qdisc_tree_reduce_backlog' to inform its parent about created or dropped SKBs (socket buffers). While this function updates netem's 'qlen' and backlog statistics, netem fails to properly account for changes made by the child qdisc. This results in 'qlen' indicating an incorrect number of packets in the tfifo. The CVSS v3.1 base score is 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

When the vulnerability is triggered, the network interface completely stops transferring packets and enters a locked state. This occurs because the child qdisc and tfifo become empty, but 'qlen' incorrectly indicates the tfifo is at its limit, causing the interface to reject new packets (Kernel Patch).

The issue has been fixed in the Linux kernel through a patch that adds a counter for entries in the tfifo. The fix ensures netem's 'qlen' is only decreased when a packet is returned by its dequeue function, and not during enqueuing into the child qdisc. This patch has been backported to multiple stable kernel versions (Kernel Patch).