PT-2023-3342 · Linux+9 · Linux Kernel+9

Hangyu Hua

·

Publicado

2023-05-29

·

Atualizado

2024-06-26

·

CVE-2023-35788

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.3.7
Description The issue is related to the fl set geneve opt() function in the net/sched/cls flower.c module of the Linux kernel's traffic control subsystem. It involves incorrect buffer boundary calculation during writing, which can be exploited by a remote attacker to cause a denial of service or potentially escalate privileges. The vulnerability can be triggered via TCA FLOWER KEY ENC OPTS GENEVE packets, affecting the flower classifier code and leading to an out-of-bounds write.
Recommendations For Linux kernel versions prior to 6.3.7, update to version 6.3.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the fl set geneve opt() function or the TCA FLOWER KEY ENC OPTS GENEVE packets to minimize the risk of exploitation.

Exploit

Correção

DoS

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

ALSA-2023:4377
ALSA-2023:4378
ALSA-2023:5244
ALT-PU-2023-1969
ALT-PU-2023-1994
ALT-PU-2023-4638
ALT-PU-2023-4663
ALT-PU-2023-8461
ALT-PU-2024-6818
AZL-27197
BDU:2023-03498
CESA-2023_5221
CESA-2023_5244
CESA-2023_5255
CVE-2023-35788
DLA-3508-1
DLA-3623-1
DSA-5448-1
DSA-5480-1
LSN-0097-1
MGASA-2023-0201
MGASA-2023-0202
OESA-2023-1379
OESA-2023-1380
OESA-2023-1394
OESA-2023-1395
OESA-2023-1396
OPENSUSE-SU-2023_2859-1
OPENSUSE-SU-2023_2871-1
OPENSUSE-SU-2023_2892-1
OPENSUSE-SU-2023_3041-1
OPENSUSE-SU-2023_3055-1
OPENSUSE-SU-2023_3063-1
OPENSUSE-SU-2023_3079-1
OPENSUSE-SU-2023_3115-1
OPENSUSE-SU-2023_3116-1
OPENSUSE-SU-2023_3153-1
RHSA-2023:4377
RHSA-2023:4378
RHSA-2023:4380
RHSA-2023:4515
RHSA-2023:4516
RHSA-2023:4697
RHSA-2023:4698
RHSA-2023:4789
RHSA-2023:4815
RHSA-2023:4817
RHSA-2023:4819
RHSA-2023:4821
RHSA-2023:4829
RHSA-2023:4834
RHSA-2023:4888
RHSA-2023:4961
RHSA-2023:4962
RHSA-2023:4967
RHSA-2023:5221
RHSA-2023:5244
RHSA-2023:5255
RHSA-2023:5575
RHSA-2023:5603
RHSA-2023:5604
RHSA-2023_4377
RHSA-2023_4378
RHSA-2023_4819
RHSA-2023_4821
RHSA-2023_5244
RHSA-2023_5255
RLSA-2023:4378
RLSA-2023:5244
RXSA-2023:5244
SUSE-SU-2023:2782-1
SUSE-SU-2023:2809-1
SUSE-SU-2023:2810-1
SUSE-SU-2023:2820-1
SUSE-SU-2023:2831-1
SUSE-SU-2023:2834-1
SUSE-SU-2023:2859-1
SUSE-SU-2023:2871-1
SUSE-SU-2023:2892-1
SUSE-SU-2023:3035-1
SUSE-SU-2023:3036-1
SUSE-SU-2023:3041-1
SUSE-SU-2023:3055-1
SUSE-SU-2023:3063-1
SUSE-SU-2023:3075-1
SUSE-SU-2023:3076-1
SUSE-SU-2023:3079-1
SUSE-SU-2023:3081-1
SUSE-SU-2023:3107-1
SUSE-SU-2023:3111-1
SUSE-SU-2023:3115-1
SUSE-SU-2023:3116-1
SUSE-SU-2023:3153-1
USN-6192-1
USN-6193-1
USN-6194-1
USN-6205-1
USN-6206-1
USN-6212-1
USN-6220-1
USN-6223-1
USN-6234-1
USN-6235-1
USN-6256-1

Produtos afetados

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Rocky Linux
Suse
Ubuntu