Bug 2225191 (CVE-2023-3611) - CVE-2023-3611 kernel: net/sched: sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue overhead
Status: NEW
Alias: CVE-2023-3611
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Nobody
Depends On: 2225196 2225551 2225552 2225553 2225554 2225555 2225556 2225557 2225558 2225559 2225560 2225561 2225562 2225563 2225564 2225565 2225566 2225567 2225568 2225573 2225574 2225575 2225576 2225577 2225578 2225579 2225580 2225581 2225585 2225586 2225197 2225587
Blocks: 2225179
Reported: 2023-07-24 14:11 UTC by Alex
Modified: 2023-07-28 11:42 UTC

Fixed In Version: Kernel 6.5-rc2
Doc Text:
An out-of-bounds memory write flaw was found in qfq_change_agg in net/sched/sch_qfq.c in the Traffic Control (QoS) subsystem in the Linux kernel. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Description Alex 2023-07-24 14:11:46 UTC
A flaw was found in the Linux kernel. An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks.

Reference:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e337087c3b5805fe0b8a46ba622a962880b5d64

