LiveActive security incident?Get immediate response
CVE Record

CVE-2024-45016: netem: fix return value if duplicate enqueue fails

In the Linux kernel, the following vulnerability has been resolved: netem: fix return value if duplicate enqueue fails There is a bug in netem_enqueue() introduced by commit 5845f706388a ("net: netem: fix skb length BUG_ON in __skb_to_sgvec") that can lead to a use-after-free. This commit made netem_enqueue() always return NET_XMIT_SUCCESS when a packet is duplicated, which can cause the parent qdisc's q.qlen to be mistakenly incremented. When this happens qlen_notify() may be skipped on the parent during destruction, leaving a dangling pointer for some classful qdiscs like DRR. There are two ways for the bug happen: - If the duplicated packet is dropped by rootq->enqueue() and then the original packet is also dropped. - If rootq->enqueue() sends the duplicated packet to a different qdisc and the original packet is dropped. In both cases NET_XMIT_SUCCESS is returned even though no packets are enqueued at the netem qdisc. The fix is to defer the enqueue of the duplicate packet until after the original packet has been guaranteed to return NET_XMIT_SUCCESS.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

CVE-2024-45016 is a Linux kernel networking bug in netem, a traffic-control feature used to emulate network conditions. Under specific packet duplication and drop handling, the kernel can keep an incorrect queue count and leave a dangling pointer, creating a use-after-free risk.

Executive priority

Treat this as a targeted kernel maintenance issue, not an emergency based on current evidence. Patch through normal security update channels, prioritizing systems using Linux traffic-control features, shared infrastructure, appliances, and vendor platforms named in advisories.

Technical view

The flaw is in netem_enqueue(), introduced by commit 5845f706388a. Duplicate packet enqueue failure can still return NET_XMIT_SUCCESS, incorrectly incrementing a parent qdisc qlen. During qdisc destruction, qlen_notify() may be skipped for classful qdiscs such as DRR, leaving stale state and a use-after-free condition.

Likely exposure

Exposure is most likely on Linux systems running affected kernel builds where netem traffic control is configured or reachable through operational workflows. The source bundle lists affected Linux kernel versions and stable fix commits, but does not provide CPEs or detailed product package mappings.

Exploitation context

The bundle does not support active exploitation: KEV is false and no cited source says it is exploited in the wild. The described bug requires specific netem duplicate enqueue and packet drop behavior; the bundle does not state attacker prerequisites or remote exploitability.

Researcher notes

The key issue is an incorrect success return after duplicate enqueue failure, causing qdisc accounting drift and skipped destruction notification. Evidence supports a kernel use-after-free, but not exploitability details, CVSS, CWE classification, or active abuse. Validate against exact kernel branch fixes rather than assuming broad product exposure.

Mitigation direction

  • Update Linux kernels to vendor builds containing the referenced stable fixes.
  • Review Debian and Siemens advisories if those platforms are in scope.
  • If fixed packages are unavailable, follow vendor guidance for temporary mitigations.
  • Limit privileged traffic-control configuration access to trusted administrators.
  • Prioritize internet-facing or multi-tenant Linux systems using advanced qdisc configuration.

Validation and detection

  • Inventory Linux kernel versions and compare them with vendor fixed releases.
  • Check whether netem or classful qdisc configurations are used on production hosts.
  • Confirm patched kernels include one of the referenced stable commits.
  • Review Debian LTS and Siemens advisory applicability for managed assets.
  • Monitor vendor security advisories for updated severity, package, or mitigation details.
Prepared
Confidence
medium
Sources
12

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2024-45016 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
3ADP providers
11Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
CVECVE Program Container
siemens-SADPADP container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux5845f706388a4cde0f6b80f9e5d33527e942b7d9, 5845f706388a4cde0f6b80f9e5d33527e942b7d9, 5845f706388a4cde0f6b80f9e5d33527e942b7d9, 5845f706388a4cde0f6b80f9e5d33527e942b7d9, 5845f706388a4cde0f6b80f9e5d33527e942b7d9, 5845f706388a4cde0f6b80f9e5d33527e942b7d9, 5845f706388a4cde0f6b80f9e5d33527e942b7d9, a550a01b8af856f2684b0f79d552f5119eb5006c, 009510a90e230bb495f3fe25c7db956679263b07, 4de7d30668cb8b06330992e1cd336f91700a2ce7, d1dd2e15c85e890a1cc9bde5ba07ae63331e5c73, 0148fe458b5705e2fea7cb88294fed7e36066ca2, 3.16.66, 4.9.163, 4.14.106, 4.19.28, 4.20.15unaffected
LinuxLinux5.0, 0, 5.4.283, 5.10.225, 5.15.166, 6.1.107, 6.6.48, 6.10.7, 6.11affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.