7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.3 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.2%
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in
the Linux kernel before 6.3.7. It allows an out-of-bounds write in the
flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may
result in denial of service or privilege escalation.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < 5.4.0-153.170 | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < 5.15.0-76.83 | UNKNOWN |
ubuntu | 22.10 | noarch | linux | < 5.19.0-46.47 | UNKNOWN |
ubuntu | 23.04 | noarch | linux | < 6.2.0-24.24 | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.10 | noarch | linux-allwinner | < 5.19.0-1015.15 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-allwinner-5.19 | < 5.19.0-1015.15~22.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1105.113 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1039.44 | UNKNOWN |
ubuntu | 22.10 | noarch | linux-aws | < 5.19.0-1028.29 | UNKNOWN |
www.openwall.com/lists/oss-security/2023/06/17/1
cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.7
git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c
git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c (6.4-rc5)
launchpad.net/bugs/cve/CVE-2023-35788
nvd.nist.gov/vuln/detail/CVE-2023-35788
security-tracker.debian.org/tracker/CVE-2023-35788
ubuntu.com/security/notices/USN-6192-1
ubuntu.com/security/notices/USN-6193-1
ubuntu.com/security/notices/USN-6194-1
ubuntu.com/security/notices/USN-6205-1
ubuntu.com/security/notices/USN-6206-1
ubuntu.com/security/notices/USN-6212-1
ubuntu.com/security/notices/USN-6220-1
ubuntu.com/security/notices/USN-6223-1
ubuntu.com/security/notices/USN-6234-1
ubuntu.com/security/notices/USN-6235-1
ubuntu.com/security/notices/USN-6256-1
www.cve.org/CVERecord?id=CVE-2023-35788
www.openwall.com/lists/oss-security/2023/06/07/1
www.openwall.com/lists/oss-security/2023/06/12/1
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.3 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.2%