What is CVE-2024-36244?

CVE-2024-36244 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10. CVE-2024-36244 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2024-36244?

CVE-2024-36244 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2024-36244?

No patch is currently available for CVE-2024-36244. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2024-36244 actively exploited?

CVE-2024-36244 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2024-36244

Medium

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: extend minimum interval restriction to entire cycle too It is possible for syzbot to side-step the restriction imposed by the blamed commit in the Fixes: tag, because the taprio UAPI permits a cycle-time different from (and potentially shorter than) the sum of entry intervals. We need one more restriction, which is that the cycle time itself must be larger than N * ETH_ZLEN bit times, where N is the number of schedule entries. This restriction needs to apply regardless of whether the cycle time came from the user or was the implicit, auto-calculated value, so we move the existing "cycle == 0" check outside the "if "(!new->cycle_time)" branch. This way covers both conditions and scenarios. Add a selftest which illustrates the issue triggered by syzbot.

Package Linux Kernel

Published 2024-06-21

Last modified 2025-11-03

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

The following references provide additional information about CVE-2024-36244 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Debian Security
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Kernel patch commit
https://git.kernel.org/stable/c/34d83c3e6e97867ae061d14eb52123404aab1cbc
Patch
Kernel patch commit
https://git.kernel.org/stable/c/91f249b01fe490fce11fbb4307952ca8cce78724
Patch
Kernel patch commit
https://git.kernel.org/stable/c/b939d1e04a90248b4cdf417b0969c270ceb992b2
Patch

4 patch commits total View all on NVD

Details

CVE ID CVE-2024-36244

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2024-06-21

Modified 2025-11-03

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2024-36244?

CVE-2024-36244 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . CVE-2024-36244 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2024-36244?

CVE-2024-36244 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2024-36244?

No patch is currently available for CVE-2024-36244. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2024-36244 actively exploited?

No — CVE-2024-36244 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.