ALAS2KERNEL-5.4-2023-045 --- kernelID: oval:org.secpod.oval:def:1701303 | Date: (C)2023-05-18 (M)2024-05-27 |
Class: PATCH | Family: unix |
A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors. qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX
Product: |
kernel |
perf |
python-perf |
bpftool |