CVE-2023-35788

Description

An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.

CVSS Metrics

• v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.01%• Percentile: 1%

Techniques & Countermeasures

• CWE-787•Out-of-bounds Write

  The product writes data past the end, or before the beginning, of the intended buffer.

Affected Systems

• canonical•ubuntu_linux

  14.04 | 16.04 | 18.04 | 20.04 | 22.04

• debian•debian_linux

  12.0 | 10.0 | 11.0

• linux•linux_kernel

  ≥ 4.19, < 4.19.285 | ≥ 4.20, < 5.4.246 | ≥ 5.5, < 5.10.183 | ≥ 5.11, < 5.15.116 | ≥ 5.16, < 6.1.33 | ≥ 6.2, < 6.3.7

• netapp•h300s_firmware

  na

• netapp•h410c_firmware

  na

• netapp•h410s_firmware

  na

• netapp•h500s_firmware

  na

• netapp•h700s_firmware

  na

References (10)

• https://www.openwall.com/lists/oss-security/2023/06/07/1
• https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c
• https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.7
• http://www.openwall.com/lists/oss-security/2023/06/17/1
• https://www.debian.org/security/2023/dsa-5448
• https://security.netapp.com/advisory/ntap-20230714-0002/
• https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html
• https://www.debian.org/security/2023/dsa-5480
• http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html
• https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html