CVE-2023-2248

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was the duplicate of CVE-2023-31436.

CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

07 Nov 2023, 04:12

Type Values Removed Values Added
Summary
  Removed: ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was the duplicate of CVE-2023-31436.
  Added: Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was the duplicate of CVE-2023-31436.

08 May 2023, 12:15

Type Values Removed Values Added
CVSS
  Removed: v2 : unknown, v3 : 7.8
  Added: v2 : unknown, v3 : unknown
CWE
  Removed: CWE-787
  Added: (none)
CPE
  Removed: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Added: (none)
References
  Removed:
    • (MISC) https://kernel.dance/3037933448f60f9acb705997eae62013ecb81e0d - Exploit, Patch
    • (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3037933448f60f9acb705997eae62013ecb81e0d - Exploit, Mailing List, Patch
  Added: (none)
Summary
  Removed: A heap out-of-bounds read/write vulnerability in the Linux Kernel traffic control (QoS) subsystem can be exploited to achieve local privilege escalation. The qfq_change_class function does not properly limit the lmax variable which can lead to out-of-bounds read/write. If the TCA_QFQ_LMAX value is not offered through nlattr, lmax is determined by the MTU value of the network device. The MTU of the loopback device can be set up to 2^31-1 and as a result, it is possible to have an lmax value that exceeds QFQ_MIN_LMAX. We recommend upgrading past commit 3037933448f60f9acb705997eae62013ecb81e0d.
  Added: ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was the duplicate of CVE-2023-31436.

06 May 2023, 03:13

Type Values Removed Values Added
CWE
  Removed: (none)
  Added: CWE-787
CPE
  Removed: (none)
  Added: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
First Time
  Removed: (none)
  Added: Linux; Linux linux Kernel
References
  Removed: (MISC) https://kernel.dance/3037933448f60f9acb705997eae62013ecb81e0d -
  Added: (MISC) https://kernel.dance/3037933448f60f9acb705997eae62013ecb81e0d - Exploit, Patch
References
  Removed: (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3037933448f60f9acb705997eae62013ecb81e0d -
  Added: (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3037933448f60f9acb705997eae62013ecb81e0d - Exploit, Mailing List, Patch
CVSS
  Removed: v2 : unknown, v3 : unknown
  Added: v2 : unknown, v3 : 7.8

01 May 2023, 13:38

Type Values Removed Values Added
New CVE

Information

Published : 2023-05-01 13:15

Updated : 2024-04-16 18:13


NVD link : CVE-2023-2248

Mitre link : CVE-2023-2248

CVE.ORG link : CVE-2023-2248


Products Affected

No product.

CWE

No CWE.