PT-2023-2756 · Linux+9 · Linux Kernel+9

Gwangun Jung · Published 2023-04-13 · Updated 2024-10-21 · CVE-2023-31436

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.2.13

Description

The issue is in the qfq_change_class function in the Linux kernel, which allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX. This can potentially impact the confidentiality, integrity, and availability of protected information. The vulnerability may be exploited to achieve local privilege escalation.

Recommendations

For Linux kernel versions prior to 6.2.13, update to version 6.2.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the qfq_change_class function in the net/sched/sch_qfq.c file until a patch is available.

Fix

DoS

Out of bounds Read

Memory Corruption

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2023:7077
ALT-PU-2023-1678
ALT-PU-2023-1826
ALT-PU-2023-1851
ALT-PU-2023-1922
ALT-PU-2023-8459
ALT-PU-2024-4263
ALT-PU-2024-4843
AZL-26391
AZL-26668
BDU:2023-02605
BDU:2023-05193
CESA-2023_6901
CESA-2023_7077
CESA-2023_7423
CVE-2023-31436
DLA-3446-1
DSA-5402-1
LSN-0095-1
LSN-0096-1
LSN-0099-1
MGASA-2023-0166
MGASA-2023-0173
OESA-2023-1274
OESA-2023-1275
OESA-2023-1276
OESA-2023-1277
OPENSUSE-SU-2023_2646-1
OPENSUSE-SU-2023_2871-1
RHSA-2023:6901
RHSA-2023:7077
RHSA-2023:7423
RHSA-2023:7424
RHSA-2023_6901
RHSA-2023_7077
RHSA-2023_7423
RHSA-2023_7424
RHSA-2024:0261
RHSA-2024:0262
RHSA-2024:0378
RHSA-2024:0412
RHSA-2024:0554
RHSA-2024:0575
RHSA-2024:1268
RHSA-2024:1269
RHSA-2024:1278
RHSA-2024:1323
RHSA-2024:1367
RHSA-2024:1377
RHSA-2024:1382
RHSA-2024:1831
SUSE-SU-2023:2500-1
SUSE-SU-2023:2501-1
SUSE-SU-2023:2502-1
SUSE-SU-2023:2507-1
SUSE-SU-2023:2534-1
SUSE-SU-2023:2537-1
SUSE-SU-2023:2538-1
SUSE-SU-2023:2611-1
SUSE-SU-2023:2646-1
SUSE-SU-2023:2651-1
SUSE-SU-2023:2653-1
SUSE-SU-2023:2660-1
SUSE-SU-2023:2666-1
SUSE-SU-2023:2679-1
SUSE-SU-2023:2680-1
SUSE-SU-2023:2681-1
SUSE-SU-2023:2686-1
SUSE-SU-2023:2687-1
SUSE-SU-2023:2689-1
SUSE-SU-2023:2690-1
SUSE-SU-2023:2694-1
SUSE-SU-2023:2695-1
SUSE-SU-2023:2697-1
SUSE-SU-2023:2698-1
SUSE-SU-2023:2700-1
SUSE-SU-2023:2701-1
SUSE-SU-2023:2702-1
SUSE-SU-2023:2703-1
SUSE-SU-2023:2708-1
SUSE-SU-2023:2709-1
SUSE-SU-2023:2710-1
SUSE-SU-2023:2714-1
SUSE-SU-2023:2718-1
SUSE-SU-2023:2719-1
SUSE-SU-2023:2720-1
SUSE-SU-2023:2721-1
SUSE-SU-2023:2724-1
SUSE-SU-2023:2727-1
SUSE-SU-2023:2731-1
SUSE-SU-2023:2734-1
SUSE-SU-2023:2735-1
SUSE-SU-2023:2741-1
SUSE-SU-2023:2743-1
SUSE-SU-2023:2755-1
SUSE-SU-2023:2782-1
SUSE-SU-2023:2805-1
SUSE-SU-2023:2809-1
SUSE-SU-2023:2871-1
USN-6127-1
USN-6130-1
USN-6131-1
USN-6132-1
USN-6135-1
USN-6149-1
USN-6150-1
USN-6162-1
USN-6173-1
USN-6175-1
USN-6186-1
USN-6222-1
USN-6256-1
USN-6385-1
USN-6460-1
ZDI-24-593

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu