{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-35788", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-05-05T15:57:20.355Z", "dateReserved": "2023-06-16T00:00:00.000Z", "datePublished": "2023-06-16T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-10-19T23:07:19.640Z"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.openwall.com/lists/oss-security/2023/06/07/1"}, {"url": "https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c"}, {"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.7"}, {"name": "[oss-security] 20230617 Re: Linux kernel: off-by-one in fl_set_geneve_opt", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2023/06/17/1"}, {"name": "DSA-5448", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2023/dsa-5448"}, {"url": "https://security.netapp.com/advisory/ntap-20230714-0002/"}, {"name": "[debian-lts-announce] 20230727 [SECURITY] [DLA 3508-1] linux security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html"}, {"name": "DSA-5480", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2023/dsa-5480"}, {"url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html"}, {"name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:30:45.365Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.openwall.com/lists/oss-security/2023/06/07/1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c", "tags": ["x_transferred"]}, {"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.7", "tags": ["x_transferred"]}, {"name": "[oss-security] 20230617 Re: Linux kernel: off-by-one in fl_set_geneve_opt", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2023/06/17/1"}, {"name": "DSA-5448", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2023/dsa-5448"}, {"url": "https://security.netapp.com/advisory/ntap-20230714-0002/", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20230727 [SECURITY] [DLA 3508-1] linux security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html"}, {"name": "DSA-5480", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2023/dsa-5480"}, {"url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-787", "lang": "en", "description": "CWE-787 Out-of-bounds Write"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-23T13:29:16.172490Z", "id": "CVE-2023-35788", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-05T15:57:20.355Z"}}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "83A1C9DA-32A8-47B1-A9EF-3B8289475A18", "versionEndExcluding": "4.19.285", "versionStartIncluding": "4.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "50FC398B-A69A-4845-8676-B189EFD52DD3", "versionEndExcluding": "5.4.246", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "465F6811-5040-44C7-B81C-6467647C1133", "versionEndExcluding": "5.10.183", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D22A8AFD-08A1-4B25-848B-7112A7444242", "versionEndExcluding": "5.15.116", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B443970D-73AA-4C9A-9338-25D38130D285", "versionEndExcluding": "6.1.33", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA5A4CD8-7A29-4730-A91A-A85F7B206C8E", "versionEndExcluding": "6.3.7", "versionStartIncluding": "6.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*", "matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en fl_set_geneve_opt en net/sched/cls_flower.c en el kernel de Linux antes de 6.3.7. Permite una escritura fuera de los l\u00edmites en el c\u00f3digo flower classifier a trav\u00e9s de paquetes TCA_FLOWER_KEY_ENC_OPTS_GENEVE. Esto puede resultar en denegaci\u00f3n de servicio o escalada de privilegios.\n"}], "id": "CVE-2023-35788", "lastModified": "2025-05-05T16:15:41.317", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-06-16T21:15:09.340", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2023/06/17/1"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch"], "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.7"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20230714-0002/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5448"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5480"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2023/06/07/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2023/06/17/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20230714-0002/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5448"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5480"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2023/06/07/1"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:4821", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-1160.99.1.rt56.1245.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2023-08-29T00:00:00Z"}, {"advisory": "RHSA-2023:4819", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-1160.99.1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2023-08-29T00:00:00Z"}, {"advisory": "RHSA-2023:4834", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2023-08-29T00:00:00Z"}, {"advisory": "RHSA-2023:4697", "cpe": "cpe:/o:redhat:rhel_aus:7.7", "package": "kernel-0:3.10.0-1062.77.1.el7", "product_name": "Red Hat Enterprise Linux 7.7 Advanced Update Support", "release_date": "2023-08-22T00:00:00Z"}, {"advisory": "RHSA-2023:4697", "cpe": "cpe:/o:redhat:rhel_tus:7.7", "package": "kernel-0:3.10.0-1062.77.1.el7", "product_name": "Red Hat Enterprise Linux 7.7 Telco Extended Update Support", "release_date": "2023-08-22T00:00:00Z"}, {"advisory": "RHSA-2023:4697", "cpe": "cpe:/o:redhat:rhel_e4s:7.7", "package": "kernel-0:3.10.0-1062.77.1.el7", "product_name": "Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions", "release_date": "2023-08-22T00:00:00Z"}, {"advisory": "RHSA-2023:4698", "cpe": "cpe:/o:redhat:rhel_e4s:7.7", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions", "release_date": "2023-08-22T00:00:00Z"}, {"advisory": "RHSA-2023:5255", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-477.27.1.rt7.290.el8_8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-09-19T00:00:00Z"}, {"advisory": "RHSA-2023:5221", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-09-19T00:00:00Z"}, {"advisory": "RHSA-2023:5244", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-477.27.1.el8_8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-09-19T00:00:00Z"}, {"advisory": "RHSA-2023:4515", "cpe": "cpe:/o:redhat:rhel_e4s:8.1", "package": "kernel-0:4.18.0-147.87.1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2023-08-08T00:00:00Z"}, {"advisory": "RHSA-2023:4516", "cpe": "cpe:/o:redhat:rhel_e4s:8.1", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2023-08-08T00:00:00Z"}, {"advisory": "RHSA-2023:4815", "cpe": "cpe:/o:redhat:rhel_aus:8.2", "package": "kernel-0:4.18.0-193.113.1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2023-08-29T00:00:00Z"}, {"advisory": "RHSA-2023:4817", "cpe": "cpe:/a:redhat:rhel_tus:8.2::nfv", "package": "kernel-rt-0:4.18.0-193.113.1.rt13.164.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2023-08-29T00:00:00Z"}, {"advisory": "RHSA-2023:4815", "cpe": "cpe:/o:redhat:rhel_tus:8.2", "package": "kernel-0:4.18.0-193.113.1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2023-08-29T00:00:00Z"}, {"advisory": "RHSA-2023:4815", "cpe": "cpe:/o:redhat:rhel_e4s:8.2", "package": "kernel-0:4.18.0-193.113.1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2023-08-29T00:00:00Z"}, {"advisory": "RHSA-2023:4829", "cpe": "cpe:/o:redhat:rhel_e4s:8.2", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2023-08-29T00:00:00Z"}, {"advisory": "RHSA-2023:4962", "cpe": "cpe:/o:redhat:rhel_aus:8.4", "package": "kernel-0:4.18.0-305.103.1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2023-09-05T00:00:00Z"}, {"advisory": "RHSA-2023:4961", "cpe": "cpe:/a:redhat:rhel_tus:8.4::nfv", "package": "kernel-rt-0:4.18.0-305.103.1.rt7.178.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2023-09-05T00:00:00Z"}, {"advisory": "RHSA-2023:4962", "cpe": "cpe:/o:redhat:rhel_tus:8.4", "package": "kernel-0:4.18.0-305.103.1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2023-09-05T00:00:00Z"}, {"advisory": "RHSA-2023:4962", "cpe": "cpe:/o:redhat:rhel_e4s:8.4", "package": "kernel-0:4.18.0-305.103.1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2023-09-05T00:00:00Z"}, {"advisory": "RHSA-2023:4967", "cpe": "cpe:/o:redhat:rhel_e4s:8.4", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2023-09-05T00:00:00Z"}, {"advisory": "RHSA-2023:4789", "cpe": "cpe:/o:redhat:rhel_eus:8.6", "package": "kernel-0:4.18.0-372.70.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-08-29T00:00:00Z"}, {"advisory": "RHSA-2023:4888", "cpe": "cpe:/o:redhat:rhel_eus:8.6", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-08-30T00:00:00Z"}, {"advisory": "RHSA-2023:4377", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-284.25.1.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-08-01T00:00:00Z"}, {"advisory": "RHSA-2023:4378", "cpe": "cpe:/a:redhat:enterprise_linux:9::nfv", "package": "kernel-rt-0:5.14.0-284.25.1.rt14.310.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-08-01T00:00:00Z"}, {"advisory": "RHSA-2023:4377", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-284.25.1.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-08-01T00:00:00Z"}, {"advisory": "RHSA-2023:4380", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-08-01T00:00:00Z"}, {"advisory": "RHSA-2023:5604", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "kernel-0:5.14.0-70.75.1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2023-10-10T00:00:00Z"}, {"advisory": "RHSA-2023:5603", "cpe": "cpe:/a:redhat:rhel_eus:9.0::nfv", "package": "kernel-rt-0:5.14.0-70.75.1.rt21.146.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2023-10-10T00:00:00Z"}, {"advisory": "RHSA-2023:5575", "cpe": "cpe:/o:redhat:rhel_eus:9.0", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2023-10-10T00:00:00Z"}, {"advisory": "RHSA-2023:4789", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "kernel-0:4.18.0-372.70.1.el8_6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2023-08-29T00:00:00Z"}], "bugzilla": {"description": "kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt()", "id": "2215768", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215768"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-787", "details": ["An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.", "A flaw was found in the TC flower classifier (cls_flower) in the Networking subsystem of the Linux kernel. This issue occurs when sending two TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets with a total size of 252 bytes, which results in an out-of-bounds write when the third packet enters fl_set_geneve_opt, potentially leading to a denial of service or privilege escalation."], "mitigation": {"lang": "en:us", "value": "This flaw can be mitigated by preventing the affected `cls_flower` kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278."}, "name": "CVE-2023-35788", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2023-05-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-35788\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-35788\nhttps://www.openwall.com/lists/oss-security/2023/06/07/1"], "statement": "Red Hat Enterprise Linux 6 is not affected by this flaw as it did not include support for the TC flower classifier.", "threat_severity": "Important"}