An out-of-bounds write vulnerability in the Linux kernel’s net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | linux | < 6.1.52-1 | linux_6.1.52-1_all.deb |
Debian | 11 | all | linux | < 5.10.191-1 | linux_5.10.191-1_all.deb |
Debian | 10 | all | linux | < 4.19.304-1 | linux_4.19.304-1_all.deb |
Debian | 999 | all | linux | < 6.4.4-2 | linux_6.4.4-2_all.deb |
Debian | 13 | all | linux | < 6.4.4-2 | linux_6.4.4-2_all.deb |
Debian | 10 | all | linux-5.10 | < 5.10.197-1~deb10u1 | linux-5.10_5.10.197-1~deb10u1_all.deb |