Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2023-2248HistoryMay 01, 2023 - 1:15 p.m.
CVE-2023-2248
2023-05-0113:15:00
Debian Security Bug Tracker
security-tracker.debian.org
11
0.0004 Low
EPSS
Percentile
5.7%
A heap out-of-bounds read/write vulnerability in the Linux Kernel traffic control (QoS) subsystem can be exploited to achieve local privilege escalation.
TheΒ qfq_change_class function does not properly limit the lmax variable which can lead to out-of-bounds read/write.Β If the TCA_QFQ_LMAX value is not offered through nlattr, lmax is determined by the MTU value of the network device. The MTU of the loopback device can be set up to 2^31-1 and as a result, it is possible to have an lmax value that exceeds QFQ_MIN_LMAX.
We recommend upgrading past commit 3037933448f60f9acb705997eae62013ecb81e0d.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | linux | <=Β 6.1.25-1 | linux_6.1.25-1_all.deb |
| Debian | 11 | all | linux | <=Β 5.10.178-3 | linux_5.10.178-3_all.deb |
| Debian | 10 | all | linux | <Β 4.19.282-1 | linux_4.19.282-1_all.deb |
| Debian | 999 | all | linux | <=Β 6.1.25-1 | linux_6.1.25-1_all.deb |
Related
cbl_mariner
cbl_mariner
CVE-2023-2248 affecting package kernel for versions less than 5.15.111.1-1
2023-05-25 09:38:10
CVE-2023-2248 affecting package kernel 5.10.177.1-1
2023-05-25 17:55:45
redhatcve
redhatcve
CVE-2023-2248
2023-05-02 18:22:25
cve
cve
CVE-2023-2248
2023-05-01 13:15:44
ubuntucve
ubuntucve
CVE-2023-2248
2023-05-01 00:00:00
prion
prion
Open redirect
2023-05-01 13:15:00
mageia
mageia
Updated kernel-linus packages fix security vulnerabilities
2023-05-19 10:23:17
Updated kernel packages fix security vulnerabilities
2023-05-16 22:17:40
openvas
openvas
Mageia: Security Advisory (MGASA-2023-0173)
2023-05-22 00:00:00
Mageia: Security Advisory (MGASA-2023-0166)
2023-05-17 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2023-2541)
2023-08-03 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2023-06-07 00:00:00
nessus
nessus
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2023-12375)
2023-06-07 00:00:00
OracleVM 3.4 : kernel-uek (OVMSA-2023-0016)
2023-08-17 00:00:00
EulerOS 2.0 SP10 : kernel (EulerOS-SA-2023-2383)
2023-07-18 00:00:00
redos
redos
ROS-20230905-01
2023-09-04 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-5.0-0009
2023-05-22 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0406
2023-06-09 00:00:00
slackware
slackware
[slackware-security] Slackware 15.0 kernel
2023-06-22 01:56:18
