In the Linux kernel, the following vulnerability has been resolved: net/sched: Enforce that teql can only be used as root qdisc Design intent of teql is that it is only supposed to be used as root qdisc. We need to check for that constraint. Although not important, I will describe the scenario that unearthed this issue for the curious. GangMin Kim <km.kim1503@gmail.com> managed to concot a scenario as follows: ROOT qdisc 1:0 (QFQ) ├── class 1:1 (weight=15, lmax=16384) netem with delay 6.4s └── class 1:2 (weight=1, lmax=1514) teql GangMin sends a packet which is enqueued to 1:1 (netem). Any invocation of dequeue by QFQ from this class will not return a packet until after 6.4s. In the meantime, a second packet is sent and it lands on 1:2. teql's enqueue will return success and this will activate class 1:2. Main issue is that teql only updates the parent visible qlen (sch->q.qlen) at dequeue. Since QFQ will only call dequeue if peek succeeds (and teql's peek alway...

In the Linux kernel, the following vulnerability has been resolved: net/sched: Enforce that teql can only be used as root qdisc Design intent of teql is that it is only supposed to be used as root qdisc. We need to check for that constraint. Although not important, I will describe the scenario that unearthed this issue for the curious. GangMin Kim <km.kim1503@gmail.com> managed to concot a scenario as follows: ROOT qdisc 1:0 (QFQ) ├── class 1:1 (weight=15, lmax=16384) netem with delay 6.4s └── class 1:2 (weight=1, lmax=1514) teql GangMin sends a packet which is enqueued to 1:1 (netem). Any invocation of dequeue by QFQ from this class will not return a packet until after 6.4s. In the meantime, a second packet is sent and it lands on 1:2. teql's enqueue will return success and this will activate class 1:2. Main issue is that teql only updates the parent visible qlen (sch->q.qlen) at dequeue. Since QFQ will only call dequeue if peek succeeds (and teql's peek always returns ...

In the Linux kernel, the following vulnerability has been resolved: net/sched: Enforce that teql can only be used as root qdisc Design intent of teql is that it is only supposed to be used as root qdisc. We need to check for that constraint. Although not important, I will describe the scenario that unearthed this issue for the curious. GangMin Kim <km.kim1503@gmail.com> managed to concot a scenario as follows: ROOT qdisc 1:0 (QFQ) ├── class 1:1 (weight=15, lmax=16384) netem with delay 6.4s └── class 1:2 (weight=1, lmax=1514) teql GangMin sends a packet which is enqueued to 1:1 (netem). Any invocation of dequeue by QFQ from this class will not return a packet until after 6.4s. In the meantime, a second packet is sent and it lands on 1:2. teql's enqueue will return success and this will activate class 1:2. Main issue is that teql only updates the parent visible qlen (sch->q.qlen) at dequeue. Since QFQ will only call dequeue if peek succeeds (and teql's peek always returns ...

In the Linux kernel, the following vulnerability has been resolved: net/sched: Enforce that teql can only be used as root qdisc Design intent of teql is that it is only supposed to be used as root qdisc. We need to check for that constraint. Although not important, I will describe the scenario that unearthed this issue for the curious. GangMin Kim <km.kim1503@gmail.com> managed to concot a scenario as follows: ROOT qdisc 1:0 (QFQ) ├── class 1:1 (weight=15, lmax=16384) netem with delay 6.4s └── class 1:2 (weight=1, lmax=1514) teql GangMin sends a packet which is enqueued to 1:1 (netem). Any invocation of dequeue by QFQ from this class will not return a packet until after 6.4s. In the meantime, a second packet is sent and it lands on 1:2. teql's enqueue will return success and this will activate class 1:2. Main issue is that teql only updates the parent visible qlen (sch->q.qlen) at dequeue. Since QFQ will only call dequeue if peek succeeds (and teql's peek always r

In the Linux kernel, the following vulnerability has been resolved: n ...

Уязвимость компонента sch_teql ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Security update for the Linux Kernel (Live Patch 35 for SUSE Linux Enterprise 15 SP5)

Security update for the Linux Kernel (Live Patch 77 for SUSE Linux Enterprise 12 SP5)

Security update for the Linux Kernel (Live Patch 20 for SUSE Linux Enterprise 15 SP6)

Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise 15 SP7)

Security update for the Linux Kernel RT (Live Patch 9 for SUSE Linux Enterprise 15 SP7)

Security update for the Linux Kernel (Live Patch 33 for SUSE Linux Enterprise 15 SP5)

Security update for the Linux Kernel (Live Patch 46 for SUSE Linux Enterprise 15 SP4)

Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP5)

Security update for the Linux Kernel (Live Patch 47 for SUSE Linux Enterprise 15 SP4)

Security update for the Linux Kernel (Live Patch 76 for SUSE Linux Enterprise 12 SP5)

Security update for the Linux Kernel (Live Patch 75 for SUSE Linux Enterprise 12 SP5)

Security update for the Linux Kernel (Live Patch 74 for SUSE Linux Enterprise 12 SP5)

Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise 15 SP7)

Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise 15 SP7)