Linux Kernel ETS Qdisc Class Active List Double Addition Vulnerability

Vulnerability

A vulnerability exists in the Linux kernel's Ethernet Traffic Shaping (ETS) queuing discipline (qdisc) management. When a user changes a Deficit Round Robin (DRR) class to a strict class, the system fails to remove the class from the active list. This oversight can lead to the same class being added twice if it is subsequently changed back to DRR. The issue can be reproduced by manipulating ETS class settings and observing the resulting debug warnings about double additions to the active list.

Impact

Exploitation of this vulnerability can cause a double addition of classes to the active list, which may lead to unexpected scheduling behavior in network traffic management.

Reproduction

To reproduce this vulnerability, first add an ETS qdisc with a DRR class. Then, change the class to strict, which will not remove it from the active list. After that, switch it back to DRR, and the class will be added again, resulting in a double entry. This can be observed by enabling list debugging, which will show a warning about the double addition.
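
The sequence above as a small user-space C model, added here for illustration; it is not kernel source or the upstream patch. All identifiers are hypothetical. It assumes the class holds queued packets when its mode changes, and that the fix is to unlink the class when it becomes strict, as the description implies.

```c
/* User-space model of the active-list handling; all names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>
struct node { struct node *next, *prev; };
struct cls  { struct node alist; bool strict; unsigned backlog; };

static struct node active;   /* head of the active (DRR) list */
static struct cls c;         /* the single class under test */
static int double_adds;      /* events list debugging would warn about */

static void list_add_tail(struct node *n, struct node *head)
{
    struct node *prev = head->prev, *next = head;
    if (n == prev || n == next) { double_adds++; return; }  /* models the debug check */
    n->prev = prev; n->next = next; prev->next = n; next->prev = n;
}

static void list_del_init(struct node *n)
{
    n->prev->next = n->next; n->next->prev = n->prev;
    n->next = n->prev = n;
}

/* DRR -> strict: the buggy form leaves the class linked, the fixed form unlinks it. */
static void make_strict(struct cls *k, bool fixed)
{
    if (fixed && !k->strict && k->backlog) list_del_init(&k->alist);
    k->strict = true;
}

/* strict -> DRR: a class holding packets (assumed) goes onto the active list. */
static void make_drr(struct cls *k)
{
    if (k->strict && k->backlog) list_add_tail(&k->alist, &active);
    k->strict = false;
}

/* Runs add -> strict -> DRR once; returns the number of double additions. */
static int scenario(bool fixed)
{
    active.next = active.prev = &active;
    c = (struct cls){ .alist = { &c.alist, &c.alist }, .backlog = 1 };
    double_adds = 0;
    list_add_tail(&c.alist, &active);   /* backlogged DRR class starts active */
    make_strict(&c, fixed);
    make_drr(&c);
    return double_adds;
}
int main(void) { printf("buggy=%d fixed=%d\n", scenario(false), scenario(true)); return 0; }
```

In the buggy run the second insert finds the class already at the tail of the list, which is the condition the list-debugging warning reports; in the fixed run the class is unlinked first and re-added exactly once.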

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.

Added: Jan 13, 2026, 5:55 PM
Updated: Jan 13, 2026, 5:55 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 2.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.