7.8

CVE-2023-35788

Exploit
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.19 < 4.19.285
LinuxLinux Kernel Version >= 4.20 < 5.4.246
LinuxLinux Kernel Version >= 5.5 < 5.10.183
LinuxLinux Kernel Version >= 5.11 < 5.15.116
LinuxLinux Kernel Version >= 5.16 < 6.1.33
LinuxLinux Kernel Version >= 6.2 < 6.3.7
DebianDebian Linux Version12.0
NetappH300s Firmware Version-
   NetappH300s Version-
NetappH500s Firmware Version-
   NetappH500s Version-
NetappH700s Firmware Version-
   NetappH700s Version-
NetappH410s Firmware Version-
   NetappH410s Version-
NetappH410c Firmware Version-
   NetappH410c Version-
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version20.04 SwEditionlts
CanonicalUbuntu Linux Version22.04 SwEditionlts
DebianDebian Linux Version10.0
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.53% 0.406
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
Third Party Advisory
Mailing List
https://www.debian.org/security/2023/dsa-5480
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html
Third Party Advisory
Mailing List
https://www.debian.org/security/2023/dsa-5448
Third Party Advisory
http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html
Third Party Advisory
VDB Entry
http://www.openwall.com/lists/oss-security/2023/06/17/1
Exploit
Mailing List
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.7
Patch
Mailing List
https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c
Patch
https://security.netapp.com/advisory/ntap-20230714-0002/
Third Party Advisory
https://www.openwall.com/lists/oss-security/2023/06/07/1
Exploit
Mailing List