kernel: net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing

In the Linux kernel, the following vulnerability has been resolved: net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing TCAMQPRIOTCENTRYINDEX is validated using NLAPOLICYMAXNLAU32, TCQOPTMAXQUEUE, which allows the value TCQOPTMAXQUEUE 16. This leads to a 4-byte out-of-bounds stac...

CVE-2025-38568

In the Linux kernel, net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (CVE-2025-38568). The TCA_MQPRIO_TC_ENTRY_INDEX policy allowed up to TC_QOPT_MAX_QUEUE (16), causing a 4-byte out-of-bounds write in the fp[] stack array. The fix changes the policy to allow only up to TC_QO...