An out-of-bounds write vulnerability in the Linux kernel...
High severity
Unreviewed
Published
Jul 21, 2023
to the GitHub Advisory Database
•
Updated Jan 20, 2024
Description
Published by the National Vulnerability Database
Jul 21, 2023
Published to the GitHub Advisory Database
Jul 21, 2023
Last updated
Jan 20, 2024
An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.
The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks.
We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.
References