CVE-2023-35788

Public on 2023-06-16

Modified on 2024-03-27

Description

An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.

Severity

Important

CVSS v3 Base Score

7.4

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory	Status
HAQM Linux 1	kernel			Not Affected
HAQM Linux 2 - Core	kernel			Not Affected
HAQM Linux 2 - Kernel-5.10 Extra	kernel	2023-06-21	ALAS2KERNEL-5.10-2023-034	Fixed
HAQM Linux 2 - Kernel-5.15 Extra	kernel	2023-06-21	ALAS2KERNEL-5.15-2023-021	Fixed
HAQM Linux 2 - Kernel-5.4 Extra	kernel	2023-06-21	ALAS2KERNEL-5.4-2023-047	Fixed
HAQM Linux 2023	kernel	2023-06-21	ALAS2023-2023-228	Fixed
HAQM Linux 2 - Livepatch Extra	kernel-livepatch-5.10.177-158.645	2023-08-17	ALAS2LIVEPATCH-2023-141	Fixed
HAQM Linux 2 - Livepatch Extra	kernel-livepatch-5.10.178-162.673	2023-08-17	ALAS2LIVEPATCH-2023-140	Fixed
HAQM Linux 2 - Livepatch Extra	kernel-livepatch-5.10.179-166.674	2023-08-17	ALAS2LIVEPATCH-2023-139	Fixed
HAQM Linux 2 - Livepatch Extra	kernel-livepatch-5.10.179-168.710	2023-08-17	ALAS2LIVEPATCH-2023-138	Fixed
HAQM Linux 2 - Livepatch Extra	kernel-livepatch-5.10.179-171.711	2023-08-17	ALAS2LIVEPATCH-2023-137	Fixed
HAQM Linux 2023	kernel-livepatch-6.1.25-37.47	2023-09-15	ALAS2023LIVEPATCH-2023-019	Fixed
HAQM Linux 2023	kernel-livepatch-6.1.27-43.48	2023-09-15	ALAS2023LIVEPATCH-2023-016	Fixed
HAQM Linux 2023	kernel-livepatch-6.1.29-47.49	2023-09-15	ALAS2023LIVEPATCH-2023-017	Fixed
HAQM Linux 2023	kernel-livepatch-6.1.29-50.88	2023-09-15	ALAS2023LIVEPATCH-2023-018	Fixed

CVSS Scores

	Score Type	Score	Vector
HAQM Linux	CVSSv3	7.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
NVD	CVSSv3	7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

Red Hat: CVE-2023-35788 Mitre: CVE-2023-35788