CVE-2023-31436

Опубликовано: 13 апр. 2023

Источник: redhat

CVSS3: 7

EPSS Низкий

Описание

qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.

An out-of-bounds memory access flaw was found in the Linux kernel’s traffic control (QoS) subsystem in how a user triggers the qfq_change_class function with an incorrect MTU value of the network device used as lmax. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Меры по смягчению последствий

To mitigate this issue, prevent the module, sch_qfq from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 9	kernel	Not affected
Red Hat Enterprise Linux 9	kernel-rt	Not affected
Red Hat Enterprise Linux 6 Extended Lifecycle Support	kernel	Fixed	RHSA-2024:1831	16.04.2024
Red Hat Enterprise Linux 7	kernel-rt	Fixed	RHSA-2023:7424	21.11.2023
Red Hat Enterprise Linux 7	kernel	Fixed	RHSA-2023:7423	21.11.2023
Red Hat Enterprise Linux 7	kpatch-patch	Fixed	RHSA-2024:1323	13.03.2024
Red Hat Enterprise Linux 8	kernel-rt	Fixed	RHSA-2023:6901	14.11.2023
Red Hat Enterprise Linux 8	kernel	Fixed	RHSA-2023:7077	14.11.2023
Red Hat Enterprise Linux 8.2 Advanced Update Support	kernel	Fixed	RHSA-2024:1268	12.03.2024
Red Hat Enterprise Linux 8.2 Telecommunications Update Service	kernel-rt	Fixed	RHSA-2024:1269	12.03.2024

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-787

https://bugzilla.redhat.com/show_bug.cgi?id=2192671kernel: out-of-bounds write in qfq_change_class function

EPSS

Процентиль: 8%

0.00033

Низкий

7 High

CVSS3

Связанные уязвимости

CVE-2023-31436

CVSS3: 7.8

ubuntu

около 2 лет назад

qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.

CVE-2023-31436

CVSS3: 7.8

nvd

около 2 лет назад

qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.

CVE-2023-31436

CVSS3: 7.8

msrc

около 2 лет назад

Описание отсутствует

CVE-2023-31436

CVSS3: 7.8

debian

около 2 лет назад

qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2 ...

SUSE-SU-2023:2734-1

suse-cvrf

почти 2 года назад

Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP4)

EPSS

Процентиль: 8%

0.00033

Низкий

7 High

CVSS3