CVE
CVE-2023-3611
| CVE ID |
CVE-2023-3611
|
|---|---|
| CVSS Score |
7.8
|
| Operating System | |
| Affected Versions |
CentOS 6
|
| Patched Versions |
2.6.32-754.35.1_ol014.el6
|
| Patch Date |
Additional Information
NVD Linking: https://nvd.nist.gov/vuln/detail/CVE-2023-3611
An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.