U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database

Vulnerability Change Records for CVE-2023-2248

Change History

CVE Modified by Google Inc. 5/08/2023 8:15:09 AM

Action Type Old Value New Value
Removed CVSS V3.1 
Google Inc. AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
 

								
								
					

					

						Removed
						CWE
						
							
							
								
							
								
Google Inc. CWE-787

								
							
							
								
							
						
								
							
								

								
								
					

					

						Changed
						Description
						
							
							
								
							
								
A heap out-of-bounds read/write vulnerability in the Linux Kernel traffic control (QoS) subsystem can be exploited to achieve local privilege escalation.

The qfq_change_class function does not properly limit the lmax variable which can lead to out-of-bounds read/write. If the TCA_QFQ_LMAX value is not offered through nlattr, lmax is determined by the MTU value of the network device. The MTU of the loopback device can be set up to 2^31-1 and as a result, it is possible to have an lmax value that exceeds QFQ_MIN_LMAX.

We recommend upgrading past commit 3037933448f60f9acb705997eae62013ecb81e0d.



								
							
							
								
							
						
								
							
								
** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was the duplicate of CVE-2023-31436.

								
								
					

					

						Removed
						Reference
						
							
							
								
							
								
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3037933448f60f9acb705997eae62013ecb81e0d [Exploit, Mailing List, Patch]

								
							
							
								
							
						
								
							
								

								
								
					

					

						Removed
						Reference
						
							
							
								
							
								
https://kernel.dance/3037933448f60f9acb705997eae62013ecb81e0d [Exploit, Patch]