A heap out-of-bounds read/write vulnerability in the...
Unreviewed
Published
Jul 6, 2023
to the GitHub Advisory Database
•
Updated Nov 10, 2023
Description
Published by the National Vulnerability Database
May 1, 2023
Published to the GitHub Advisory Database
Jul 6, 2023
Last updated
Nov 10, 2023
A heap out-of-bounds read/write vulnerability in the Linux Kernel traffic control (QoS) subsystem can be exploited to achieve local privilege escalation.
The qfq_change_class function does not properly limit the lmax variable which can lead to out-of-bounds read/write. If the TCA_QFQ_LMAX value is not offered through nlattr, lmax is determined by the MTU value of the network device. The MTU of the loopback device can be set up to 2^31-1 and as a result, it is possible to have an lmax value that exceeds QFQ_MIN_LMAX.
We recommend upgrading past commit 3037933448f60f9acb705997eae62013ecb81e0d.
References