Описание
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.
A flaw was found in the TC flower classifier (cls_flower) in the Networking subsystem of the Linux kernel. This issue occurs when sending two TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets with a total size of 252 bytes, which results in an out-of-bounds write when the third packet enters fl_set_geneve_opt, potentially leading to a denial of service or privilege escalation.
Отчет
Red Hat Enterprise Linux 6 is not affected by this flaw as it did not include support for the TC flower classifier.
Меры по смягчению последствий
This flaw can be mitigated by preventing the affected cls_flower kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2023:4821 | 29.08.2023 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2023:4819 | 29.08.2023 |
| Red Hat Enterprise Linux 7 | kpatch-patch | Fixed | RHSA-2023:4834 | 29.08.2023 |
| Red Hat Enterprise Linux 7.7 Advanced Update Support | kernel | Fixed | RHSA-2023:4697 | 22.08.2023 |
| Red Hat Enterprise Linux 7.7 Telco Extended Update Support | kernel | Fixed | RHSA-2023:4697 | 22.08.2023 |
| Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions | kernel | Fixed | RHSA-2023:4697 | 22.08.2023 |
| Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions | kpatch-patch | Fixed | RHSA-2023:4698 | 22.08.2023 |
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2023:5255 | 19.09.2023 |
| Red Hat Enterprise Linux 8 | kpatch-patch | Fixed | RHSA-2023:5221 | 19.09.2023 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.8 High
CVSS3
Связанные уязвимости
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c ...
Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP4)
EPSS
7.8 High
CVSS3