github - ghsa-7jpg-h873-5g68

ghsa-7jpg-h873-5g68

Vulnerability from github

Published

2023-06-16 21:30

Modified

2024-06-26 18:30

Severity

7.8 (High) - CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-35788"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-16T21:15:09Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.",
  "id": "GHSA-7jpg-h873-5g68",
  "modified": "2024-06-26T18:30:27Z",
  "published": "2023-06-16T21:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35788"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230714-0002"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5448"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5480"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2023/06/07/1"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/06/17/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2023-35788

Vulnerability from cvelistv5

Published

2023-06-16 00:00

Modified

2024-08-02 16:30

Severity

Summary

References

URL	Tags
https://www.openwall.com/lists/oss-security/2023/06/07/1
https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.7
http://www.openwall.com/lists/oss-security/2023/06/17/1	mailing-list
https://www.debian.org/security/2023/dsa-5448	vendor-advisory
https://security.netapp.com/advisory/ntap-20230714-0002/
https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html	mailing-list
https://www.debian.org/security/2023/dsa-5480	vendor-advisory
http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html	mailing-list

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website