CVE-2023-35788Out-of-bounds Write in Kernel

CWE-787Out-of-bounds Write27 documents10 sources
Severity
7.8HIGHNVD
OSV5.5
EPSS
0.0%
top 99.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Linux KernelCanonical Ubuntu LinuxDebian Linux
Timeline
PublishedJun 16
Latest updateOct 15

Description

An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDlinux/linux_kernel4.194.19.285+5
Debianlinux/linux_kernel< 5.10.191-1+3

Also affects: Debian Linux 10.0, 11.0, 12.0, Ubuntu Linux 14.04, 16.04, 18.04, 20.04, 22.04

Patches

Patch: cdn.kernel.orgPatch: git.kernel.orgPatch: cdn.kernel.org

🔴Vulnerability Details

10
OSV
linux-xilinx-zynqmp vulnerability2023-07-18
OSV
linux-intel-iotg, linux-intel-iotg-5.15 vulnerabilities2023-07-07
OSV
linux-gke vulnerabilities2023-07-06
OSV
linux-oem-5.17 vulnerabilities2023-07-06
OSV
linux-oem-6.1 vulnerabilities2023-06-29

📋Vendor Advisories

15
Oracle
Oracle Oracle Communications Risk Matrix: Install/Upgrade (Oracle Linux Software Collections) — CVE-2023-357882023-10-15
Ubuntu
Kernel Live Patch Security Notice2023-09-05
Ubuntu
Linux kernel (IoT) vulnerabilities2023-07-27
Ubuntu
Linux kernel (Xilinx ZynqMP) vulnerability2023-07-18
Ubuntu
Linux kernel (OEM) vulnerabilities2023-07-18

💬Community

1
Bugzilla
CVE-2023-35788 kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt()2023-06-18
CVE-2023-35788 — Out-of-bounds Write in Linux Kernel | cvebase