141 matches found
kernel: net/sched: sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue overhead
An out-of-bounds memory write flaw was found in qfqchangeagg in net/sched/schqfq.c in the Traffic Control QoS subsystem in the Linux kernel. This flaw allows a local user to crash or potentially escalate their privileges on the system...
kernel: net/sched: sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue overhead
An out-of-bounds memory write flaw was found in qfqchangeagg in net/sched/schqfq.c in the Traffic Control QoS subsystem in the Linux kernel. This flaw allows a local user to crash or potentially escalate their privileges on the system...
PT-2024-1091 · D Link · D-Link Dcs-8300Lhv2
Name of the Vulnerable Software and Affected Versions: D-Link DCS-8300LHV2 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required to exploi...
Medium: virtuoso-opensource
Issue Overview: An issue in the libcmalloc component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service DoS via crafted SQL statements. CVE-2023-31607 An issue in the dfeunitcolloci component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Deni...
kernel: net/sched: sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue overhead
An out-of-bounds memory write flaw was found in qfqchangeagg in net/sched/schqfq.c in the Traffic Control QoS subsystem in the Linux kernel. This flaw allows a local user to crash or potentially escalate their privileges on the system...
kernel: net/sched: sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue overhead
An out-of-bounds memory write flaw was found in qfqchangeagg in net/sched/schqfq.c in the Traffic Control QoS subsystem in the Linux kernel. This flaw allows a local user to crash or potentially escalate their privileges on the system...
Important: kernel-livepatch-4.14.322-244.539
Issue Overview: A use-after-free vulnerability in the Linux kernel's net/sched: clsfw component can be exploited to achieve local privilege escalation. When fwchange is called on an existing filter, the whole tcfresult struct is always copied into the new instance of the filter. This causes a...
The vulnerability of the qfq_dequeue() function in the net/sched/sch_plug.c module of the Linux kernel allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information, or enhance their privileges.
The vulnerability of the qfqdequeue function in the net/sched/schplug.c module of the Linux kernel is related to the use of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information, or t...
Use-after-free in Linux kernel's net/sched: sch_qfq component
...
DEBIAN-CVE-2023-4921
A use-after-free vulnerability in the Linux kernel's net/sched: schqfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfqdequeue due to the incorrect .peek handler of...
Important: kernel
Issue Overview: An issue in "Zen 2" CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. CVE-2023-20593 An out-of-bounds write vulnerability in the Linux kernel's net/sched: schqfq component can be exploited to achieve local...
DEBIAN-CVE-2023-3611
An out-of-bounds write vulnerability in the Linux kernel's net/sched: schqfq component can be exploited to achieve local privilege escalation. The qfqchangeagg function in net/sched/schqfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. We...
UBUNTU-CVE-2023-3611
An out-of-bounds write vulnerability in the Linux kernel's net/sched: schqfq component can be exploited to achieve local privilege escalation. The qfqchangeagg function in net/sched/schqfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. We...
PT-2025-13367 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version Description: A use-after-free issue has been identified in the Linux kernel, specifically in the sch taprio component. This issue occurs when a taprio qdisc is installed with an invalid TCA RAT...
crosby-on-eden.cumbria.sch.uk Cross Site Scripting vulnerability OBB-3217584
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2023-35013 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.9 Description: A potential issue exists in the Linux Kernel, specifically in the sch taprio component of the net/sched module. The problem is related to a possible use-after-free scenario. The actual impact...
AZL-13050 CVE-2022-47929 affecting package kernel for versions less than 5.15.92.1-1
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service system crash via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdiscgraft in...
DEBIAN-CVE-2022-47929
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service system crash via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdiscgraft in...
DEBIAN-CVE-2023-23454
cbqclassify in net/sched/schcbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service slab-out-of-bounds read because of type confusion non-negative numbers can sometimes indicate a TCACTSHOT condition rather than valid classification results...
redhill.bromley.sch.uk Cross Site Scripting vulnerability OBB-3094333
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...