CVE-2023-2248

Name of the Vulnerable Software and Affected Versions Linux Kernel (affected versions not specified)

Description A heap out-of-bounds read/write issue in the Linux Kernel traffic control (QoS) subsystem can be exploited to achieve local privilege escalation. The qfq change class function does not properly limit the lmax variable, which can lead to out-of-bounds read/write. If the TCA QFQ LMAX value is not offered through nlattr, lmax is determined by the MTU value of the network device. The MTU of the loopback device can be set up to 2^31-1, and as a result, it is possible to have an lmax value that exceeds QFQ MIN LMAX.

Recommendations Upgrade past commit 3037933448f60f9acb705997eae62013ecb81e0d to resolve the issue. As a temporary workaround, consider restricting the MTU value of the loopback device to prevent excessive lmax values. Avoid using the TCA QFQ LMAX value through nlattr until the issue is resolved.