5 matches found
CVE-2023-0590
CVE-2023-0590: A use-after-free in qdisc_graft (net/sched/sch_api.c) due to a race condition in the Linux kernel can lead to denial of service. The issue is noted in multiple public bulletins (e.g., Astra Linux and IBM QRadar) referencing the same kernel component, with remediation via patch ebda...
CVE-2023-0590
A use-after-free flaw was found in qdiscgraft in net/sched/schapi.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 "net: sched: fix race condition in qdiscgraft" not applied yet, then kernel could be affected...
CVE-2022-47929
CVE-2022-47929 is a Linux kernel vulnerability: a NULL pointer dereference in the traffic control subsystem (affecting qdisc_graft in net/sched/sch_api.c) that allows an unprivileged user to trigger a denial of service (system crash) via crafted tc qdisc/class configurations. Exploitation is loca...
Null pointer dereference
The qdiscnotify function in net/sched/schapi.c in the Linux kernel before 2.6.35 does not prevent tcfillqdisc function calls referencing builtin aka CQFBUILTIN Qdisc structures, which allows local users to cause a denial of service NULL pointer dereference and OOPS or possibly have unspecified...
Linux Kernel tc_fill_tclass()函数本地信息泄露漏洞
BUGTRAQ ID: 36304 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的net/sched/schapi.c文件中的tcfilltclass函数没有清除某些结构成员便将其返回给了用户空间,这可能导致泄漏3个字节的未初始化内核内存。 Linux kernel 2.6.x Linux kernel 2.4.x 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...