CVE-2023-31436

First published: Fri Apr 28 2023(Updated: )

A flaw in the Linux Kernel found. A heap out-of-bounds read vulnerability in the Linux Kernel traffic control (QoS) subsystem can be exploited to achieve local privilege escalation. The qfq_change_class function does not properly limit the lmax variable which can lead to out-of-bounds read/write. If the TCA_QFQ_LMAX value is not offered through nlattr, lmax is determined by the MTU value of the network device. The MTU of the loopback device can be set up to 2^31-1 and as a result, it is possible to have an lmax value that exceeds QFQ_MIN_LMAX. Reference: <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3037933448f60f9acb705997eae62013ecb81e0d">https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3037933448f60f9acb705997eae62013ecb81e0d</a>

Credit: cve@mitre.org cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Linux Linux kernel	>=3.7<4.14.314
Linux Linux kernel	>=4.15<4.19.282
Linux Linux kernel	>=4.20<5.4.242
Linux Linux kernel	>=5.5.0<5.10.179
Linux Linux kernel	>=5.11<5.15.109
Linux Linux kernel	>=5.16<6.1.26
Linux Linux kernel	>=6.2<6.2.13
IBM QRadar SIEM	<=7.5 - 7.5.0 UP8 IF01
debian/linux		5.10.218-1 5.10.221-1 6.1.94-1 6.1.99-1 6.9.10-1 6.9.12-1
ubuntu/linux	<4.15.0-212.223	4.15.0-212.223
ubuntu/linux	<5.4.0-150.167	5.4.0-150.167
ubuntu/linux	<5.15.0-73.80	5.15.0-73.80
ubuntu/linux	<5.19.0-43.44	5.19.0-43.44
ubuntu/linux	<6.2.0-23.23	6.2.0-23.23
ubuntu/linux	<3.13.0-194.245	3.13.0-194.245
ubuntu/linux	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux	<4.4.0-241.275	4.4.0-241.275
ubuntu/linux-allwinner	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-allwinner-5.19	<5.19.0-1013.13~22.04.1	5.19.0-1013.13~22.04.1
ubuntu/linux-allwinner-5.19	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-aws	<4.15.0-1157.170	4.15.0-1157.170
ubuntu/linux-aws	<5.4.0-1103.111	5.4.0-1103.111
ubuntu/linux-aws	<5.15.0-1037.41	5.15.0-1037.41
ubuntu/linux-aws	<5.19.0-1026.27	5.19.0-1026.27
ubuntu/linux-aws	<6.2.0-1005.5	6.2.0-1005.5
ubuntu/linux-aws	<4.4.0-1119.125	4.4.0-1119.125
ubuntu/linux-aws	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-aws	<4.4.0-1157.172	4.4.0-1157.172
ubuntu/linux-aws-5.0	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-aws-5.15	<5.15.0-1037.41~20.04.1	5.15.0-1037.41~20.04.1
ubuntu/linux-aws-5.15	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-aws-5.19	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-aws-5.4	<5.4.0-1103.111~18.04.1	5.4.0-1103.111~18.04.1
ubuntu/linux-aws-5.4	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-aws-6.2	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-aws-6.5	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-aws-fips	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-aws-hwe	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-aws-hwe	<4.15.0-1157.170~16.04.1	4.15.0-1157.170~16.04.1
ubuntu/linux-azure	<5.4.0-1109.115	5.4.0-1109.115
ubuntu/linux-azure	<5.15.0-1039.46	5.15.0-1039.46
ubuntu/linux-azure	<5.19.0-1027.30	5.19.0-1027.30
ubuntu/linux-azure	<6.2.0-1005.5	6.2.0-1005.5
ubuntu/linux-azure	<4.15.0-1166.181~14.04.1	4.15.0-1166.181~14.04.1
ubuntu/linux-azure	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-azure	<4.15.0-1166.181~16.04.1	4.15.0-1166.181~16.04.1
ubuntu/linux-azure-4.15	<4.15.0-1166.181	4.15.0-1166.181
ubuntu/linux-azure-4.15	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-azure-5.15	<5.15.0-1039.46~20.04.1	5.15.0-1039.46~20.04.1
ubuntu/linux-azure-5.15	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-azure-5.4	<5.4.0-1109.115~18.04.1	5.4.0-1109.115~18.04.1
ubuntu/linux-azure-5.4	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-azure-6.5	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-azure-edge	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-azure-fde	<5.4.0-1109.115	5.4.0-1109.115
ubuntu/linux-azure-fde	<5.15.0-1039.46.1	5.15.0-1039.46.1
ubuntu/linux-azure-fde	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-azure-fde-5.15	<5.15.0-1039.46~20.04.1.1	5.15.0-1039.46~20.04.1.1
ubuntu/linux-azure-fde-5.15	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-azure-fde-5.19	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-azure-fips	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-bluefield	<5.4.0-1064.70	5.4.0-1064.70
ubuntu/linux-bluefield	<5.15.0-1017.19	5.15.0-1017.19
ubuntu/linux-bluefield	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-dell300x	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-fips	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-gcp	<5.4.0-1106.115	5.4.0-1106.115
ubuntu/linux-gcp	<5.15.0-1035.43	5.15.0-1035.43
ubuntu/linux-gcp	<5.19.0-1025.27	5.19.0-1025.27
ubuntu/linux-gcp	<6.2.0-1007.7	6.2.0-1007.7
ubuntu/linux-gcp	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-gcp	<4.15.0-1151.167~16.04.1	4.15.0-1151.167~16.04.1
ubuntu/linux-gcp-4.15	<4.15.0-1151.167	4.15.0-1151.167
ubuntu/linux-gcp-4.15	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-gcp-5.15	<5.15.0-1035.43~20.04.1	5.15.0-1035.43~20.04.1
ubuntu/linux-gcp-5.15	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-gcp-5.19	<5.19.0-1025.27~22.04.1	5.19.0-1025.27~22.04.1
ubuntu/linux-gcp-5.19	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-gcp-5.4	<5.4.0-1106.115~18.04.1	5.4.0-1106.115~18.04.1
ubuntu/linux-gcp-5.4	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-gcp-6.5	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-gcp-fips	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-gke	<5.4.0-1100.107	5.4.0-1100.107
ubuntu/linux-gke	<5.15.0-1034.39	5.15.0-1034.39
ubuntu/linux-gke	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-gke-4.15	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-gke-5.0	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-gke-5.15	<5.15.0-1034.39~20.04.1	5.15.0-1034.39~20.04.1
ubuntu/linux-gke-5.15	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-gke-5.4	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-gkeop	<5.4.0-1070.74	5.4.0-1070.74
ubuntu/linux-gkeop	<5.15.0-1021.26	5.15.0-1021.26
ubuntu/linux-gkeop	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-gkeop-5.15	<5.15.0-1021.26~20.04.1	5.15.0-1021.26~20.04.1
ubuntu/linux-gkeop-5.15	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-gkeop-5.4	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-hwe	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-hwe	<4.15.0-212.223~16.04.1	4.15.0-212.223~16.04.1
ubuntu/linux-hwe-5.15	<5.15.0-73.80~20.04.1	5.15.0-73.80~20.04.1
ubuntu/linux-hwe-5.15	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-hwe-5.19	<5.19.0-43.44~22.04.1	5.19.0-43.44~22.04.1
ubuntu/linux-hwe-5.4	<5.4.0-150.167~18.04.1	5.4.0-150.167~18.04.1
ubuntu/linux-hwe-5.4	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-hwe-6.2	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-hwe-6.5	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-hwe-edge	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-ibm	<5.4.0-1050.55	5.4.0-1050.55
ubuntu/linux-ibm	<5.15.0-1031.34	5.15.0-1031.34
ubuntu/linux-ibm	<5.19.0-1023.25	5.19.0-1023.25
ubuntu/linux-ibm	<6.2.0-1003.3	6.2.0-1003.3
ubuntu/linux-ibm	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-ibm-5.15	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-ibm-5.4	<5.4.0-1050.55~18.04.1	5.4.0-1050.55~18.04.1
ubuntu/linux-ibm-5.4	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-intel	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-intel-5.13	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-intel-iotg	<5.15.0-1031.36	5.15.0-1031.36
ubuntu/linux-intel-iotg	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-intel-iotg-5.15	<5.15.0-1031.36~20.04.1	5.15.0-1031.36~20.04.1
ubuntu/linux-intel-iotg-5.15	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-iot	<5.4.0-1017.18	5.4.0-1017.18
ubuntu/linux-iot	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-kvm	<4.15.0-1141.146	4.15.0-1141.146
ubuntu/linux-kvm	<5.4.0-1092.98	5.4.0-1092.98
ubuntu/linux-kvm	<5.15.0-1034.39	5.15.0-1034.39
ubuntu/linux-kvm	<5.19.0-1024.25	5.19.0-1024.25
ubuntu/linux-kvm	<6.2.0-1006.6	6.2.0-1006.6
ubuntu/linux-kvm	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-kvm	<4.4.0-1120.130	4.4.0-1120.130
ubuntu/linux-laptop	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-lowlatency	<5.15.0-73.80	5.15.0-73.80
ubuntu/linux-lowlatency	<5.19.0-1025.26	5.19.0-1025.26
ubuntu/linux-lowlatency	<6.2.0-1005.5	6.2.0-1005.5
ubuntu/linux-lowlatency	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-lowlatency-hwe-5.15	<5.15.0-73.80~20.04.1	5.15.0-73.80~20.04.1
ubuntu/linux-lowlatency-hwe-5.15	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-lowlatency-hwe-5.19	<5.19.0-1025.26~22.04.1	5.19.0-1025.26~22.04.1
ubuntu/linux-lowlatency-hwe-5.19	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-lowlatency-hwe-6.2	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-lowlatency-hwe-6.5	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-lts-xenial	<4.4.0-241.275~14.04.1	4.4.0-241.275~14.04.1
ubuntu/linux-lts-xenial	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-nvidia	<5.15.0-1026.26	5.15.0-1026.26
ubuntu/linux-nvidia	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-nvidia-6.5	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-nvidia-6.8	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-nvidia-lowlatency	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-oem	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-oem-5.10	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-oem-5.14	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-oem-5.17	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-oem-5.6	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-oem-6.0	<6.0.0-1021.21	6.0.0-1021.21
ubuntu/linux-oem-6.0	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-oem-6.1	<6.1.0-1014.14	6.1.0-1014.14
ubuntu/linux-oem-6.1	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-oem-6.5	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-oem-6.8	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-oem-osp1	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-oracle	<4.15.0-1120.131	4.15.0-1120.131
ubuntu/linux-oracle	<5.4.0-1102.111	5.4.0-1102.111
ubuntu/linux-oracle	<5.15.0-1036.42	5.15.0-1036.42
ubuntu/linux-oracle	<5.19.0-1024.27	5.19.0-1024.27
ubuntu/linux-oracle	<6.2.0-1005.5	6.2.0-1005.5
ubuntu/linux-oracle	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-oracle	<4.15.0-1120.131~16.04.1	4.15.0-1120.131~16.04.1
ubuntu/linux-oracle-5.0	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-oracle-5.13	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-oracle-5.15	<5.15.0-1036.42~20.04.1	5.15.0-1036.42~20.04.1
ubuntu/linux-oracle-5.15	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-oracle-5.4	<5.4.0-1102.111~18.04.1	5.4.0-1102.111~18.04.1
ubuntu/linux-oracle-5.4	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-oracle-6.5	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-raspi	<5.4.0-1086.97	5.4.0-1086.97
ubuntu/linux-raspi	<5.15.0-1030.32	5.15.0-1030.32
ubuntu/linux-raspi	<5.19.0-1019.26	5.19.0-1019.26
ubuntu/linux-raspi	<6.2.0-1006.8	6.2.0-1006.8
ubuntu/linux-raspi	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-raspi-5.4	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-raspi2	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-riscv	<5.19.0-1019.21	5.19.0-1019.21
ubuntu/linux-riscv	<6.2.0-23.23.1	6.2.0-23.23.1
ubuntu/linux-riscv	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-riscv-5.15	<5.15.0-1034.38~20.04.1	5.15.0-1034.38~20.04.1
ubuntu/linux-riscv-5.15	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-riscv-6.5	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-snapdragon	<4.15.0-1151.161	4.15.0-1151.161
ubuntu/linux-snapdragon	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-starfive	<6.2.0-1002.2	6.2.0-1002.2
ubuntu/linux-starfive	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-starfive-5.19	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-starfive-6.5	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109
ubuntu/linux-xilinx-zynqmp	<5.4.0-1024.28	5.4.0-1024.28
ubuntu/linux-xilinx-zynqmp	<6.3<5.4.242<5.15.109	6.3 5.4.242 5.15.109

Remedy

If not needed, disable the ability for unprivileged users to create namespaces. To do this temporarily, do: sudo sysctl -w kernel.unprivileged_userns_clone=0 To disable across reboots, do: echo kernel.unprivileged_userns_clone=0 | \ sudo tee /etc/sysctl.d/99-disable-unpriv-userns.conf

Remedy

https://git.kernel.org/linus/3015f3d2a3cd9614294025849d3ed89fd2f3a7f5

Remedy

https://git.kernel.org/linus/3037933448f60f9acb705997eae62013ecb81e0d

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

collector/launchpad-cve
collector/nvd-index
collector/mitre-cve
agent/type
agent/first-publish-date
agent/author
agent/remedy
agent/weakness
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
collector/nvd-api
agent/software-canonical-lookup-request
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2023-31436
collector/ibm-support
source/IBM
agent/references
agent/severity
agent/last-modified-date
agent/description
agent/event
agent/tags
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/usn-cve
source/Ubuntu
vendor/linux
canonical/linux linux kernel
version/linux linux kernel/3.7
version/linux linux kernel/4.15
version/linux linux kernel/4.20
version/linux linux kernel/5.5.0
version/linux linux kernel/5.11
version/linux linux kernel/5.16
version/linux linux kernel/6.2
vendor/ibm
canonical/ibm qradar siem
version/ibm qradar siem/7.5 - 7.5.0 up8 if01
package-manager/debian
package-manager/ubuntu

CVE-2023-31436

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Company

Resources

Contact