An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.
The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks.
We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.
Metrics
Affected Vendors & Products
References
History
Fri, 27 Sep 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Linux kernel
|
|
CPEs | cpe:2.3:o:linux:kernel:*:*:*:*:*:*:*:* | |
Vendors & Products |
Linux kernel
|
|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Google
Published: 2023-07-21T20:49:10.812Z
Updated: 2024-09-27T13:43:55.993Z
Reserved: 2023-07-10T20:52:55.365Z
Link: CVE-2023-3611
Vulnrichment
Updated: 2024-08-02T07:01:57.288Z
NVD
Status : Modified
Published: 2023-07-21T21:15:11.897
Modified: 2024-11-21T08:17:39.957
Link: CVE-2023-3611
Redhat