{"uuid": "725c30c0-69d0-4241-a155-be13eac6fa9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2248", "type": "seen", "source": "https://t.me/cibsecurity/63122", "content": "\u203c CVE-2023-2248 \u203c\n\nA heap out-of-bounds read/write vulnerability in the Linux Kernel traffic control (QoS) subsystem can be exploited to achieve local privilege escalation. The qfq_change_class function does not properly limit the lmax variable which can lead to out-of-bounds read/write. If the TCA_QFQ_LMAX value is not offered through nlattr, lmax is determined by the MTU value of the network device. The MTU of the loopback device can be set up to 2^31-1 and as a result, it is possible to have an lmax value that exceeds QFQ_MIN_LMAX. We recommend upgrading past commit 3037933448f60f9acb705997eae62013ecb81e0d.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-01T16:29:26.000000Z"}