cbcvebase.
CVE-2023-3611
published 2023-07-21

CVE-2023-3611: An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The…

high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.

Affected

29 ranges· showing 25
VendorProductVersion rangeFixed in
debiandebian_linux
debiandebian_linux
debiandebian_linux
debianlinux< linux 6.1.52-1 (bookworm)linux 6.1.52-1 (bookworm)
linuxkernel>= 3.8 < 6.56.5
linuxlinux_kernel
linuxlinux_kernel>= 0 < 5.10.191-15.10.191-1
linuxlinux_kernel>= 0 < 6.1.52-16.1.52-1
linuxlinux_kernel>= 0 < 6.4.4-26.4.4-2
linuxlinux_kernel>= 0 < 6.4.4-26.4.4-2
linuxlinux_kernel>= 0 < 5.4.0-159.1765.4.0-159.176
linuxlinux_kernel>= 0 < 5.15.0-82.915.15.0-82.91
linuxlinux_kernel>= 0 < 3.13.0-193.2443.13.0-193.244
linuxlinux_kernel>= 0 < 4.4.0-244.2784.4.0-244.278
linuxlinux_kernel>= 0 < 4.15.0-216.2274.15.0-216.227
linuxlinux_kernel>= 3.8 < 4.14.3224.14.322
linuxlinux_kernel>= 4.15 < 4.19.2914.19.291
linuxlinux_kernel>= 4.20 < 5.4.2535.4.253
linuxlinux_kernel>= 5.11 < 5.15.1215.15.121
linuxlinux_kernel>= 5.16 < 6.1.406.1.40
linuxlinux_kernel>= 5.5 < 5.10.1885.10.188
linuxlinux_kernel>= 6.2 < 6.4.56.4.5
msrccbl2_kernel_5.15.122.1-2_on_cbl_mariner_2.0
msrccbl_mariner_1.0_arm
msrccbl_mariner_1.0_x64

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH