
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2024-57996 affects the Linux kernel's network scheduler, specifically the SFQ (Stochastic Fairness Queueing) queueing discipline. The vulnerability arises because the SFQ implementation does not behave correctly when configured with a packet limit of 1. The issue was identified in December 2024 and affects Linux kernel versions from 2.6.12 through various versions up to 6.13.2 (Kernel Patch).
The vulnerability is an array-index-out-of-bounds issue in net/sched/sch_sfq.c that occurs when the SFQ queueing discipline is configured with a packet limit of 1. The bug is triggered by a specific sequence of events: a packet is queued through TBF into SFQ; TBF dequeues it and moves it to the gso_skb list while the qdisc qlen stays at 1; then a second packet arrives and causes a qlen underflow. The result is an out-of-bounds access with index 65535 into an array of size 128. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).
The out-of-bounds access can crash the system, so the impact is on availability. The issue is particularly relevant in network traffic management deployments where SFQ is used for packet scheduling (Kernel Patch).
The issue has been patched in the Linux kernel by adding a validation check that rejects an SFQ packet limit of 1. The fix has been backported to multiple kernel versions. The patch adds a simple check in the sfq_change function that fails with EINVAL when a limit of 1 is requested (Kernel Patch).
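As an added defensive check that is not part of this report or the kernel patch, the following Python parses the output of `tc qdisc show` and flags any sfq qdisc whose packet limit is 1, the configuration this CVE concerns; the sample tc output is constructed, not captured from a real host.

```python
import re

# Constructed sample of `tc qdisc show` output (not captured from a real host).
SAMPLE_TC_OUTPUT = """\
qdisc tbf 1: dev eth0 root refcnt 2 rate 1Mbit burst 10Kb lat 50ms
qdisc sfq 10: dev eth0 parent 1:1 limit 1p quantum 1514b depth 127 divisor 1024
qdisc sfq 8001: dev eth1 root refcnt 2 limit 127p quantum 1514b depth 127 divisor 1024 perturb 10sec
qdisc fq_codel 0: dev eth2 root refcnt 2 limit 10240p flows 1024 quantum 1514
"""

# One `qdisc <kind> <handle> dev <dev> ...` line per qdisc.
QDISC_RE = re.compile(
    r"^qdisc\s+(?P<kind>\S+)\s+(?P<handle>[0-9a-f]+:)\s+dev\s+(?P<dev>\S+)\s+(?P<rest>.*)$"
)
# tc prints packet limits with a trailing "p", e.g. "limit 127p".
LIMIT_RE = re.compile(r"\blimit\s+(?P<limit>\d+)p\b")


def parse_qdiscs(tc_output):
    """Parse each qdisc line into a dict with kind, handle, dev and packet limit (None if absent)."""
    entries = []
    for line in tc_output.splitlines():
        m = QDISC_RE.match(line.strip())
        if not m:
            continue
        lim = LIMIT_RE.search(m.group("rest"))
        entries.append({
            "kind": m.group("kind"),
            "handle": m.group("handle"),
            "dev": m.group("dev"),
            "limit": int(lim.group("limit")) if lim else None,
        })
    return entries


def find_sfq_limit_one(tc_output):
    """Return the sfq qdiscs configured with the packet limit of 1 that CVE-2024-57996 concerns."""
    return [q for q in parse_qdiscs(tc_output) if q["kind"] == "sfq" and q["limit"] == 1]


if __name__ == "__main__":
    # On a live host, feed this the output of: tc qdisc show
    for q in find_sfq_limit_one(SAMPLE_TC_OUTPUT):
        print(f"sfq {q['handle']} on {q['dev']} uses limit 1; reconfigure or apply the kernel fix")
```

On a patched kernel the limit cannot be set to 1 any more, so a hit from this check on such a host points at a stale configuration rather than a live trigger.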
Source: This report was generated using AI