CVE-2023-23454
Linux Kernel vulnerability analysis and mitigation

Overview

CVE-2023-23454 affects the Linux kernel through version 6.1.4, specifically in the cbqclassify function within net/sched/schcbq.c. The vulnerability was discovered by Kyle Zeng and was introduced in Linux-2.6.12-rc2 in 2005. It allows attackers to cause a denial of service through a slab-out-of-bounds read due to type confusion, where non-negative numbers can sometimes indicate a TCACTSHOT condition rather than valid classification results (Kernel Commit, OSS Security).

Technical details

The vulnerability stems from a type confusion issue where the code accesses classification results before properly checking the classification return code in the network scheduler's code. The bug occurs when result >= 0 does not ensure res.class contains valid results, particularly when result indicates the packet should be dropped (TCACTSHOT) while res.class contains invalid data. This happens because res.class is a large union attribute that can be used for other purposes before being marked as TCACTSHOT. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (MEDIUM) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

Impact

The vulnerability can lead to a denial of service condition through a slab-out-of-bounds read. When exploited, it can cause system crashes due to type confusion between struct cbq_class and whatever struct that res.class was used as before it is returned. This has been demonstrated through proof-of-concept crashes showing KASAN (Kernel Address Sanitizer) detecting slab-out-of-bounds reads (OSS Security).

Mitigation and workarounds

The vulnerability has been patched in the Linux kernel with commit caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12. The fix involves properly checking the classification return code before accessing the classification results. Various Linux distributions have released security updates to address this vulnerability, including Debian with DSA-5324-1 and DLA-3349-1 (Debian Security, Debian LTS).

Additional resources


SourceThis report was generated using AI

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management