ALAS2023-2023-228 --- kernelID: oval:org.secpod.oval:def:19500258 | Date: (C)2024-01-04 (M)2024-04-25 |
Class: PATCH | Family: unix |
A flaw was found in the Linux kernel's networking subsystem within the RPL protocol's handling. This issue results from the improper handling of user-supplied data, which can lead to an assertion failure. This flaw allows an unauthenticated, remote attacker to create a denial of service condition on the system. An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation
Platform: |
Amazon Linux 2023 |
Product: |
kernel |
bpftool |
python3-perf |
perf |