CVE-2023-4921

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-4921

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4921.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-4921

Downstream

BELL-CVE-2023-4921

DEBIAN-CVE-2023-4921

DLA-3623-1

DLA-3710-1

OESA-2023-1666

OESA-2023-1667

OESA-2023-1668

OESA-2023-1669

OESA-2023-1670

RHSA-2024:0562

RHSA-2024:0563

RHSA-2024:0593

RHSA-2024:0724

RHSA-2024:0851

RHSA-2024:0876

RHSA-2024:0881

RHSA-2024:0897

RHSA-2024:0980

RHSA-2024:0999

RHSA-2024:1249

RHSA-2024:1268

RHSA-2024:1269

RHSA-2024:1278

RHSA-2024:1323

RHSA-2024:1332

RHSA-2024:1368

RHSA-2024:1404

RHSA-2024:1831

SUSE-SU-2023:4030-1

SUSE-SU-2023:4031-1

SUSE-SU-2023:4032-1

SUSE-SU-2023:4033-1

SUSE-SU-2023:4035-1

SUSE-SU-2023:4057-1

SUSE-SU-2023:4058-1

SUSE-SU-2023:4071-1

SUSE-SU-2023:4072-1

SUSE-SU-2023:4072-2

SUSE-SU-2023:4093-1

SUSE-SU-2023:4095-1

SUSE-SU-2023:4142-1

SUSE-SU-2023:4347-1

SUSE-SU-2024:0469-1

SUSE-SU-2024:0474-1

SUSE-SU-2024:0478-1

SUSE-SU-2024:0514-1

SUSE-SU-2024:0515-1

SUSE-SU-2024:0516-1

SUSE-SU-2024:0622-1

SUSE-SU-2024:0624-1

SUSE-SU-2024:0655-1

SUSE-SU-2024:0666-1

SUSE-SU-2024:0685-1

SUSE-SU-2024:0698-1

SUSE-SU-2024:0727-1

Related

Published

2023-09-12T20:15:10Z

Modified

2025-08-09T19:01:28Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.

When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfqdequeue() due to the incorrect .peek handler of schplug and lack of error checking in agg_dequeue().

We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.

References

Affected packages