Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's Simple Fair Queueing (SFQ) scheduler has been addressed. The SFQ perturb_period parameter lacked proper range validation, which made a race condition possible. This vulnerability could be exploited by setting the perturb_period to an invalid value, such as a negative number or a value too large, which would trigger an error. However, an acceptable value could be used to bypass this check.
Exploitation of this vulnerability could lead to a race condition, potentially causing unexpected behavior in the SFQ queue scheduling.
To reproduce this vulnerability, add a queue discipline (qdisc) to a network interface using the SFQ scheduler. First, attempt to set the perturb_period to an invalid value, such as -10 or 1,000,000,000, which will result in an error. Once the invalid values are rejected, set the perturb_period to a valid value, such as 2,000,000. After applying the valid perturb_period, the SFQ qdisc can be observed with the new settings, demonstrating that the vulnerability can be bypassed by exploiting the lack of range checking.
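The range check described above, as an added example that is not part of the original page or the kernel's own code: a user-space C model that compares an unchecked seconds-to-ticks conversion with a validated one, using the three values from the text. The bound `INT_MAX / hz`, the tick rates and all function names are assumptions of this example.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>

/* Unchecked model: the period (seconds) is scaled to timer ticks with no
 * validation. Returns 1 when the product is negative or overflows an int,
 * i.e. when the timer would be armed with a meaningless interval. */
static int interval_is_bogus(int period_sec, int hz)
{
    long long ticks = (long long)period_sec * hz; /* 64-bit: no UB in the model */
    return ticks < 0 || ticks > INT_MAX;
}

/* Hardened model: reject the value before it is stored or used.
 * Assumed bound: period_sec * hz must be non-negative and fit in an int. */
static int check_perturb_period(int period_sec, int hz)
{
    if (period_sec < 0 || period_sec > INT_MAX / hz)
        return -EINVAL;
    return 0;
}

/* Counts inputs where the check and the overflow model disagree (expect 0). */
static int count_mismatches(int hz)
{
    const int samples[] = { INT_MIN, -10, -1, 0, 1, 2000000, INT_MAX / hz,
                            INT_MAX / hz + 1, 1000000000, INT_MAX };
    int bad = 0;
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int rejected = check_perturb_period(samples[i], hz) != 0;
        if (rejected != interval_is_bogus(samples[i], hz))
            bad++;
    }
    return bad;
}

int main(void)
{
    const int page_values[] = { -10, 1000000000, 2000000 }; /* from the text */
    const int hz = 1000; /* assumed tick rate */
    for (size_t i = 0; i < 3; i++)
        printf("perturb %d -> %s\n", page_values[i],
               check_perturb_period(page_values[i], hz) ? "rejected" : "accepted");
    printf("mismatches at HZ=100/250/1000: %d %d %d\n",
           count_mismatches(100), count_mismatches(250), count_mismatches(1000));
    return 0;
}
```
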