A flaw in the Linux Kernel found. A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue(). References: https://github.com/torvalds/linux/commit/8fc134fee27f2263988ae38920bc03da416b03d8
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2245519]
This was fixed for Fedora with the 6.5.4 stable kernel updates.
*** Bug 2230024 has been marked as a duplicate of this bug. ***
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2024:0562 https://access.redhat.com/errata/RHSA-2024:0562
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Telecommunications Update Service Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Via RHSA-2024:0563 https://access.redhat.com/errata/RHSA-2024:0563
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Via RHSA-2024:0593 https://access.redhat.com/errata/RHSA-2024:0593
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:0724 https://access.redhat.com/errata/RHSA-2024:0724
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:0851 https://access.redhat.com/errata/RHSA-2024:0851
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:0876 https://access.redhat.com/errata/RHSA-2024:0876
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:0881 https://access.redhat.com/errata/RHSA-2024:0881
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:0897 https://access.redhat.com/errata/RHSA-2024:0897
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Advanced Update Support Via RHSA-2024:0980 https://access.redhat.com/errata/RHSA-2024:0980
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Advanced Update Support Via RHSA-2024:0999 https://access.redhat.com/errata/RHSA-2024:0999
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2024:1249 https://access.redhat.com/errata/RHSA-2024:1249
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.2 Telecommunications Update Service Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Via RHSA-2024:1268 https://access.redhat.com/errata/RHSA-2024:1268
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2024:1269 https://access.redhat.com/errata/RHSA-2024:1269
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Via RHSA-2024:1278 https://access.redhat.com/errata/RHSA-2024:1278
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2024:1323 https://access.redhat.com/errata/RHSA-2024:1323
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2024:1332 https://access.redhat.com/errata/RHSA-2024:1332
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:1368 https://access.redhat.com/errata/RHSA-2024:1368
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:1404 https://access.redhat.com/errata/RHSA-2024:1404
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Extended Lifecycle Support Via RHSA-2024:1831 https://access.redhat.com/errata/RHSA-2024:1831