We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2023-31436



Assignermitre
Reserved2023-04-28
Published2023-04-28
Updated2024-10-21

Description

qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.

References

https://github.com/torvalds/linux/commit/3037933448f60f9acb705997eae62013ecb81e0d

https://www.spinics.net/lists/stable-commits/msg294885.html

https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.13

https://www.debian.org/security/2023/dsa-5402 (DSA-5402) vendor-advisory

https://lists.debian.org/debian-lts-announce/2023/06/msg00008.html ([debian-lts-announce] 20230605 [SECURITY] [DLA 3446-1] linux-5.10 security update) mailing-list

https://security.netapp.com/advisory/ntap-20230609-0001/

http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html

http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html

http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html

cve.org CVE-2023-31436

nvd.nist.gov CVE-2023-31436

Download JSON

Share this page
https://cve.threatint.com
Subscribe to our newsletter to learn more about our work.