ALAS-2023-1744 --- kernelID: oval:org.secpod.oval:def:1601703 | Date: (C)2023-06-01 (M)2024-05-04 |
Class: PATCH | Family: unix |
A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors. qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX
Platform: |
Amazon Linux AMI |