5974 – [ANCK 5.10] fix CVE-2023-3611

Bug 5974 - [ANCK 5.10] fix CVE-2023-3611

Summary: [ANCK 5.10] fix CVE-2023-3611

Status:	RESOLVED FIXED

Alias:	None

Product:	ANCK 5.10 Dev
Classification:	ANCK
Component:	net (show other bugs)	net
Sub Component:
Version:	unspecified
Hardware:	All Linux

Importance:	P3-Medium S3-normal
Target Milestone:	---
Assignee:	XuanZhuo
QA Contact:	shuming

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2023-07-25 15:58 UTC by zhujun
Modified:	2023-10-19 11:42 UTC (History)
CC List:	3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description zhujun cmss_group

2023-07-25 15:58:51 UTC

一、漏洞信息
漏洞编号：CVE-2023-3611
漏洞归属组件：net
漏洞归属的版本：5.10
CVSS V3.0分值：
BaseScore：7.8 High

漏洞简述：
An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.

NVD Published Date:
07/21/2023
NVD Last Modified:
07/24/2023

漏洞详情参考链接：
https://nvd.nist.gov/vuln/detail/CVE-2023-3611

二 漏洞解决
cloud Linux kernel 5.10需要更新，社区补丁：

1、commit 3e337087c3b5805fe0b8a46ba622a962880b5d64

Reference:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e337087c3b5805fe0b8a46ba622a962880b5d64

Comment 1 小龙 admin

2023-07-25 16:02:44 UTC

The PR Link: https://gitee.com/anolis/cloud-kernel/pulls/1947

Comment 2 宁畅 alibaba_cloud_group

2023-10-19 11:42:27 UTC

已合入：https://gitee.com/anolis/cloud-kernel/pulls/1996