Linux Kernel net-sched /net/sched/sch_qfq.c qfq_change_agg out-of-bounds write
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.7 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Linux Kernel. It has been rated as critical. The impacted element is the function qfq_change_agg of the file /net/sched/sch_qfq.c of the component net-sched. This manipulation causes out-of-bounds write.
This vulnerability is registered as CVE-2023-3611. The attack needs to be launched locally. No exploit is available.
Applying a patch is the recommended action to fix this issue.
Details
A vulnerability has been found in Linux Kernel (Operating System) (version unknown) and classified as critical. Affected by this vulnerability is the function qfq_change_agg of the file /net/sched/sch_qfq.c of the component net-sched. The manipulation with an unknown input leads to a out-of-bounds write vulnerability. The CWE definition for the vulnerability is CWE-787. The product writes data past the end, or before the beginning, of the intended buffer. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.
The weakness was published 07/22/2023. The advisory is shared at git.kernel.org. This vulnerability is known as CVE-2023-3611 since 07/10/2023. Technical details are known, but no exploit is available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 08/22/2024).
Applying a patch is able to eliminate this problem. The bugfix is ready for download at git.kernel.org.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Type
Vendor
Name
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.8VulDB Meta Temp Score: 7.7
VulDB Base Score: 7.8
VulDB Temp Score: 7.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 7.8
NVD Vector: 🔍
CNA Base Score: 7.8
CNA Vector (Google Inc.): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Out-of-bounds writeCWE: CWE-787 / CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Patch: git.kernel.org
Timeline
07/10/2023 🔍07/22/2023 🔍
07/22/2023 🔍
08/22/2024 🔍
Sources
Vendor: kernel.orgAdvisory: git.kernel.org
Status: Confirmed
CVE: CVE-2023-3611 (🔍)
GCVE (CVE): GCVE-0-2023-3611
GCVE (VulDB): GCVE-100-235165
Entry
Created: 07/22/2023 06:55Updated: 08/22/2024 23:21
Changes: 07/22/2023 06:55 (52), 08/22/2024 23:21 (25)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.