CVE-2023-3611

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-3611

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-3611.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-3611

Downstream

DEBIAN-CVE-2023-3611

DLA-3623-1

DLA-3710-1

DSA-5480-1

DSA-5492-1

OESA-2023-1467

OESA-2023-1468

OESA-2023-1469

OESA-2023-1470

OESA-2023-1471

RHSA-2023:6901

RHSA-2023:7077

RHSA-2023:7419

RHSA-2023:7423

RHSA-2023:7424

RHSA-2024:0261

RHSA-2024:0262

RHSA-2024:0378

RHSA-2024:0412

RHSA-2024:0554

RHSA-2024:0575

RHSA-2024:1268

RHSA-2024:1269

RHSA-2024:1278

RHSA-2024:1367

RHSA-2024:1377

RHSA-2024:1382

RHSA-2024:1831

SUSE-SU-2023:3182-1

SUSE-SU-2023:3302-1

SUSE-SU-2023:3309-1

SUSE-SU-2023:3311-1

SUSE-SU-2023:3313-1

SUSE-SU-2023:3318-1

SUSE-SU-2023:3324-1

SUSE-SU-2023:3329-1

SUSE-SU-2023:3349-1

SUSE-SU-2023:3376-1

SUSE-SU-2023:3390-1

SUSE-SU-2023:3391-1

SUSE-SU-2023:3392-1

SUSE-SU-2023:3421-1

Related

Published

2023-07-21T21:15:11Z

Modified

2025-08-09T20:01:28Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.

The qfqchangeagg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks.

We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.

References

Affected packages