Back to bug 2215768
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Mauro Matteo Cascella | 2023-06-20 15:45:01 UTC | CC | dfreiber, jburrell, rogbas, vkumar | |
| Blocks | 2215767 | |||
| CC | qzhao | |||
| Mauro Matteo Cascella | 2023-06-20 15:56:09 UTC | Summary | TRIAGE-CVE-2023-35788 kernel: out-of-bounds write in net/sched/cls_flower.c | TRIAGE-CVE-2023-35788 kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() |
| Mauro Matteo Cascella | 2023-06-23 09:14:45 UTC | Comment | 0 | updated |
| Mauro Matteo Cascella | 2023-06-23 09:15:20 UTC | Fixed In Version | kernel 6.4-rc5 | |
| Mauro Matteo Cascella | 2023-06-23 13:00:21 UTC | Depends On | 2216968, 2216967 | |
| Priority | medium | high | ||
| Severity | medium | high | ||
| Summary | TRIAGE-CVE-2023-35788 kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() | CVE-2023-35788 kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() | ||
| Alias | TRIAGE-CVE-2023-35788 | CVE-2023-35788 | ||
| Mauro Matteo Cascella | 2023-06-23 13:04:11 UTC | CC | jpoimboe, kpatch-maint, rhandlin | |
| Mauro Matteo Cascella | 2023-06-23 13:53:14 UTC | Depends On | 2216979 | |
| Mauro Matteo Cascella | 2023-06-23 14:04:26 UTC | Depends On | 2216989, 2216983, 2216993, 2216996, 2216997, 2216982, 2216981, 2216999, 2217000, 2216984, 2216988, 2216994, 2216998, 2216987, 2216990, 2216991, 2216995, 2216992 | |
| Mauro Matteo Cascella | 2023-06-23 14:08:55 UTC | Depends On | 2217004, 2217002, 2217009, 2217008, 2217010, 2217006, 2217007, 2217003, 2217005 | |
| Mauro Matteo Cascella | 2023-06-23 14:57:46 UTC | Doc Text | A flaw was found in the flower classifier (cls_flower) in the Networking subsystem of the Linux kernel. The flaw occurs when sending two TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets whose total size is 252 bytes. This results in an out-of-bounds write when the third packet enters fl_set_geneve_opt, potentially leading to a denial-of-service or privilege escalation. |
|
| Paige Jung | 2023-06-23 15:12:10 UTC | Doc Text | A flaw was found in the flower classifier (cls_flower) in the Networking subsystem of the Linux kernel. The flaw occurs when sending two TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets whose total size is 252 bytes. This results in an out-of-bounds write when the third packet enters fl_set_geneve_opt, potentially leading to a denial-of-service or privilege escalation. | A flaw was found in the flower classifier (cls_flower) in the Networking subsystem of the Linux kernel. This issue occurs when sending two TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets with a total size of 252 bytes, which results in an out-of-bounds write when the third packet enters fl_set_geneve_opt, potentially leading to a denial of service or privilege escalation. |
| Mauro Matteo Cascella | 2023-06-23 17:15:39 UTC | Doc Text | A flaw was found in the flower classifier (cls_flower) in the Networking subsystem of the Linux kernel. This issue occurs when sending two TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets with a total size of 252 bytes, which results in an out-of-bounds write when the third packet enters fl_set_geneve_opt, potentially leading to a denial of service or privilege escalation. | A flaw was found in the TC flower classifier (cls_flower) in the Networking subsystem of the Linux kernel. This issue occurs when sending two TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets with a total size of 252 bytes, which results in an out-of-bounds write when the third packet enters fl_set_geneve_opt, potentially leading to a denial of service or privilege escalation. |
| Marcelo Ricardo Leitner | 2023-06-23 22:08:35 UTC | CC | jbenc, mleitner, sdubroca | |
| Li Shuang | 2023-06-25 02:43:27 UTC | CC | shuali | |
| Mauro Matteo Cascella | 2023-06-26 10:28:10 UTC | Blocks | 2213076 | |
| Mauro Matteo Cascella | 2023-06-26 10:40:47 UTC | Depends On | 2214027 | |
| Mauro Matteo Cascella | 2023-06-26 10:47:55 UTC | Depends On | 2214029 | |
| Mauro Matteo Cascella | 2023-06-26 11:01:55 UTC | Blocks | 2213076 | |
| Red Hat Bugzilla | 2023-07-07 08:32:02 UTC | Assignee | security-response-team | nobody |
| errata-xmlrpc | 2023-08-01 08:59:29 UTC | Link ID | Red Hat Product Errata RHSA-2023:4378 | |
| errata-xmlrpc | 2023-08-01 09:12:44 UTC | Link ID | Red Hat Product Errata RHSA-2023:4380 | |
| errata-xmlrpc | 2023-08-01 09:17:34 UTC | Link ID | Red Hat Product Errata RHSA-2023:4377 | |
| errata-xmlrpc | 2023-08-08 07:22:25 UTC | Link ID | Red Hat Product Errata RHSA-2023:4516 | |
| errata-xmlrpc | 2023-08-08 07:22:34 UTC | Link ID | Red Hat Product Errata RHSA-2023:4515 |
Back to bug 2215768