Amazon Linux AMI: CVE-2024-53057: Security patch for kernel (ALAS-2025-1970)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT

In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed

to be either root or ingress. This assumption is bogus since it's valid

to create egress qdiscs with major handle ffff:

Budimir Markovic found that for qdiscs like DRR that maintain an active

class list, it will cause a UAF with a dangling class pointer.

In 066a3b5b2346, the concern was to avoid iterating over the ingress

qdisc since its parent is itself. The proper fix is to stop when parent

TC_H_ROOT is reached because the only way to retrieve ingress is when a

hierarchy which does not contain a ffff: major handle call into

qdisc_lookup with TC_H_MAJ(TC_H_ROOT).

In the scenario where major ffff: is an egress qdisc in any of the tree

levels, the updates will also propagate to TC_H_ROOT, which then the

iteration must stop.

net/sched/sch_api.c | 2 +-

1 file changed, 1 insertion(+), 1 deletion(-)