← Back

CVE-2023-35788

nvd nist
Published: Jun 16, 2023Modified: May 5, 2025

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.

Affected (19)

Show all products
Linux: Linux Kernel · Debian: Debian Linux · Netapp: H300s Firmware, H500s Firmware, H700s Firmware, H410s Firmware, H410c Firmware · Canonical: Ubuntu Linux
Linux
1 product
Linux Kernel
Debian
1 product
Debian Linux
Netapp
5 products
H300s Firmware
H500s Firmware
H700s Firmware
H410s Firmware
H410c Firmware
Canonical
1 product
Ubuntu Linux
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Linux
Linux Kernel
From 4.19 to 4.19.285
Linux Kernel
From 4.20 to 5.4.246
Linux Kernel
From 5.11 to 5.15.116
Linux Kernel
From 5.16 to 6.1.33
Linux Kernel
From 5.5 to 5.10.183
Linux Kernel
From 6.2 to 6.3.7
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 12.0
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H300s Firmware
All versions
Running on/withPlatform Versions
Netapp
H300s
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H500s Firmware
All versions
Running on/withPlatform Versions
Netapp
H500s
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H700s Firmware
All versions
Running on/withPlatform Versions
Netapp
H700s
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H410s Firmware
All versions
Running on/withPlatform Versions
Netapp
H410s
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H410c Firmware
All versions
Running on/withPlatform Versions
Netapp
H410c
All versions
Configuration H
5 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 14.04
Ubuntu Linux
Version 16.04
Ubuntu Linux
Version 18.04
Ubuntu Linux
Version 20.04
Ubuntu Linux
Version 22.04
Configuration I
2 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 10.0
Debian Linux
Version 11.0

Related CWEs

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (20)

Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
ExploitMailing List
Source: cve@mitre.org
Mailing ListPatch
Source: cve@mitre.org
Patch
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
ExploitMailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitMailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitMailing List

Timeline

No history available yet.