An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.
History

Fri, 27 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Linux kernel
CPEs cpe:2.3:o:linux:kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux kernel
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Google

Published: 2023-07-21T20:49:10.812Z

Updated: 2024-09-27T13:43:55.993Z

Reserved: 2023-07-10T20:52:55.365Z

Link: CVE-2023-3611

cve-icon Vulnrichment

Updated: 2024-08-02T07:01:57.288Z

cve-icon NVD

Status : Modified

Published: 2023-07-21T21:15:11.897

Modified: 2024-11-21T08:17:39.957

Link: CVE-2023-3611

cve-icon Redhat

Severity : Important

Publid Date: 2023-07-21T00:00:00Z

Links: CVE-2023-3611 - Bugzilla