
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2023-23454 affects the Linux kernel through version 6.1.4, specifically in the cbqclassify function within net/sched/schcbq.c. The vulnerability was discovered by Kyle Zeng and was introduced in Linux-2.6.12-rc2 in 2005. It allows attackers to cause a denial of service through a slab-out-of-bounds read due to type confusion, where non-negative numbers can sometimes indicate a TCACTSHOT condition rather than valid classification results (Kernel Commit, OSS Security).
The vulnerability stems from a type confusion issue where the code accesses classification results before properly checking the classification return code in the network scheduler's code. The bug occurs when result >= 0 does not ensure res.class contains valid results, particularly when result indicates the packet should be dropped (TCACTSHOT) while res.class contains invalid data. This happens because res.class is a large union attribute that can be used for other purposes before being marked as TCACTSHOT. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (MEDIUM) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).
The vulnerability can lead to a denial of service condition through a slab-out-of-bounds read. When exploited, it can cause system crashes due to type confusion between struct cbq_class and whatever struct that res.class was used as before it is returned. This has been demonstrated through proof-of-concept crashes showing KASAN (Kernel Address Sanitizer) detecting slab-out-of-bounds reads (OSS Security).
The vulnerability has been patched in the Linux kernel with commit caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12. The fix involves properly checking the classification return code before accessing the classification results. Various Linux distributions have released security updates to address this vulnerability, including Debian with DSA-5324-1 and DLA-3349-1 (Debian Security, Debian LTS).
Source: This report was generated using AI
Free Vulnerability Assessment
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
"We know that if Wiz identifies something as critical, it actually is."