CVE-2023-31436
Summary
| CVE | CVE-2023-31436 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-04-28 02:15:00 UTC |
| Updated | 2023-11-29 15:15:00 UTC |
| Description | qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX. |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Linux | Linux Kernel | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Kernel Live Patch Security Notice LSN-0095-1 ≈ Packet Storm | MISC | packetstormsecurity.com | |
| CVE-2023-31436 Linux Kernel Vulnerability in NetApp Products \| NetApp Product Security | CONFIRM | security.netapp.com | |
| Patch "net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg" has been added to the 6.2-stable tree — Linux Stable Commits | MISC | www.spinics.net | |
| Kernel Live Patch Security Notice LSN-0096-1 ≈ Packet Storm | MISC | packetstormsecurity.com | |
| net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg · torvalds/linux@3037933 · GitHub | MISC | github.com | |
| Kernel Live Patch Security Notice LSN-0099-1 ≈ Packet Storm | | packetstormsecurity.com | |
| [SECURITY] [DLA 3446-1] linux-5.10 security update | MLIST | lists.debian.org | |
| Debian -- Security Information -- DSA-5402-1 linux | DEBIAN | www.debian.org | |
| cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.13 | MISC | cdn.kernel.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 161147 Oracle Enterprise Linux Security Update for kernel (ELSA-2023-7077)
- 181781 Debian Security Update for linux (DSA 5402-1)
- 181828 Debian Security Update for linux-5.10 (DLA 3446-1)
- 183056 Debian Security Update for linux (CVE-2023-31436)
- 199382 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6127-1)
- 199384 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6132-1)
- 199386 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6131-1)
- 199390 Ubuntu Security Notification for Linux kernel (Azure CVM) Vulnerabilities (USN-6135-1)
- 199406 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6150-1)
- 199413 Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-6162-1)
- 199421 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-6173-1)
- 199422 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6175-1)
- 199437 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6186-1)
- 199465 Ubuntu Security Notification for Linux kernel (Xilinx ZynqMP) Vulnerabilities (USN-6222-1)
- 199471 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6130-1)
- 199539 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6149-1)
- 199614 Ubuntu Security Notification for Linux kernel (IoT) Vulnerabilities (USN-6256-1)
- 199764 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-6385-1)
- 199874 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6460-1)
- 242434 Red Hat Update for kernel-rt security (RHSA-2023:6901)
- 242451 Red Hat Update for kernel security (RHSA-2023:7077)
- 242728 Red Hat Update for kpatch-patch (RHSA-2024:0378)
- 242769 Red Hat Update for kpatch-patch (RHSA-2024:0554)
- 242789 Red Hat Update for kernel (RHSA-2024:0575)
- 242855 Red Hat Update for kernel (RHSA-2024:0412)
- 243055 Red Hat Update for kernel (RHSA-2024:1268)
- 243057 Red Hat Update for kpatch-patch (RHSA-2024:1278)
- 243058 Red Hat Update for kernel-rt (RHSA-2024:1269)
- 243068 Red Hat Update for kpatch-patch (RHSA-2024:1323)
- 243076 Red Hat Update for kernel (RHSA-2024:1367)
- 243085 Red Hat Update for kpatch-patch (RHSA-2024:1377)
- 243096 Red Hat Update for kernel-rt (RHSA-2024:1382)
- 355083 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2023-032
- 355088 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2023-045
- 355100 Amazon Linux Security Advisory for kernel : ALAS2-2023-2035
- 355101 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.15-2023-018
- 355103 Amazon Linux Security Advisory for kernel : ALAS-2023-1744
- 355237 Amazon Linux Security Advisory for kernel : ALAS2023-2023-179
- 378710 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2023:0079)
- 378889 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2023:0036)
- 379043 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2023:0136)
- 6140098 AWS Bottlerocket Security Update for kernel (GHSA-fqrx-jw8q-x47m)
- 673214 EulerOS Security Update for kernel (EulerOS-SA-2023-2383)
- 673232 EulerOS Security Update for kernel (EulerOS-SA-2023-2357)
- 673261 EulerOS Security Update for kernel (EulerOS-SA-2023-2614)
- 673272 EulerOS Security Update for kernel (EulerOS-SA-2023-2584)
- 673393 EulerOS Security Update for kernel (EulerOS-SA-2023-2647)
- 673498 EulerOS Security Update for kernel (EulerOS-SA-2023-3132)
- 674113 EulerOS Security Update for kernel (EulerOS-SA-2023-2689)
- 754097 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2507-1)
- 754105 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2537-1)
- 754106 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2534-1)
- 754110 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2538-1)
- 754120 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2611-1)
- 754145 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2651-1)
- 755851 SUSE Enterprise Linux Security Update for the linux kernel (SUSE-SU-2023:2646-1)
- 906892 Common Base Linux Mariner (CBL-Mariner) Security Update for hyperv-daemons (26659-1)
- 906909 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (26391-1)
- 906926 Common Base Linux Mariner (CBL-Mariner) Security Update for hyperv-daemons (26668-1)
- 906962 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (26385-1)
- 941453 AlmaLinux Security Update for kernel (ALSA-2023:7077)