Описание
[REJECTED CVE] An array index out-of-bounds write access was found in the Linux kernel in the qfq_update_agg() function, which belongs to the net scheduler QFQ (Quick Fair Queueing Plus). This flaw requires CAP_NET_ADMIN to be exploited and could lead to local privilege escalation.
Отчет
This flaw was found to be a duplicate of CVE-2023-31436. Please see https://access.redhat.com/security/cve/CVE-2023-31436 for information about affected products and security errata.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Under investigation | ||
| Red Hat Enterprise Linux 7 | kernel | Under investigation | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Under investigation | ||
| Red Hat Enterprise Linux 8 | kernel | Under investigation | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Under investigation | ||
| Red Hat Enterprise Linux 9 | kernel | Not affected | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Not affected |
Показывать по
10
Дополнительная информация
Дефект:
CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=2226780kernel: sch_qfq: net scheduler out-of-bounds write in qfq_update_agg()
0 Low
CVSS3
Связанные уязвимости
nvd
больше 2 лет назад
Rejected reason: CVE-2023-39190 was found to be a duplicate of CVE-2023-31436. Please see https://access.redhat.com/security/cve/CVE-2023-31436 for information about affected products and security errata.
0 Low
CVSS3