BDU:2023-02605

Уязвимость функции qfq_change_class() ядра операционных систем Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации.

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2023-31436

Published: 2023-04-28
Modified: 2024-11-21

CVE-2023-31436

qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html
http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html
http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.13
https://github.com/torvalds/linux/commit/3037933448f60f9acb705997eae62013ecb81e0d
[debian-lts-announce] 20230605 [SECURITY] [DLA 3446-1] linux-5.10 security update
https://security.netapp.com/advisory/ntap-20230609-0001/
DSA-5402
https://www.spinics.net/lists/stable-commits/msg294885.html
http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html
https://www.spinics.net/lists/stable-commits/msg294885.html
DSA-5402
https://security.netapp.com/advisory/ntap-20230609-0001/
[debian-lts-announce] 20230605 [SECURITY] [DLA 3446-1] linux-5.10 security update
https://github.com/torvalds/linux/commit/3037933448f60f9acb705997eae62013ecb81e0d
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.13
http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html
http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html

Version: 2.1.0

Package kernel-image-un-def update in sisyphus on 2023-04-26

ALT-PU-2023-1678-1

Closed vulnerabilities

BDU:2023-02605

CVE-2023-31436