{"id":"CVE-2023-31436","details":"qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.","modified":"2026-04-16T04:37:30.459737288Z","published":"2023-04-28T02:15:09.007Z","related":["ALSA-2023:7077","SUSE-SU-2023:2500-1","SUSE-SU-2023:2501-1","SUSE-SU-2023:2502-1","SUSE-SU-2023:2507-1","SUSE-SU-2023:2534-1","SUSE-SU-2023:2537-1","SUSE-SU-2023:2538-1","SUSE-SU-2023:2611-1","SUSE-SU-2023:2646-1","SUSE-SU-2023:2651-1","SUSE-SU-2023:2653-1","SUSE-SU-2023:2660-1","SUSE-SU-2023:2666-1","SUSE-SU-2023:2679-1","SUSE-SU-2023:2680-1","SUSE-SU-2023:2681-1","SUSE-SU-2023:2686-1","SUSE-SU-2023:2687-1","SUSE-SU-2023:2689-1","SUSE-SU-2023:2690-1","SUSE-SU-2023:2694-1","SUSE-SU-2023:2695-1","SUSE-SU-2023:2697-1","SUSE-SU-2023:2698-1","SUSE-SU-2023:2700-1","SUSE-SU-2023:2701-1","SUSE-SU-2023:2702-1","SUSE-SU-2023:2703-1","SUSE-SU-2023:2708-1","SUSE-SU-2023:2709-1","SUSE-SU-2023:2710-1","SUSE-SU-2023:2714-1","SUSE-SU-2023:2718-1","SUSE-SU-2023:2719-1","SUSE-SU-2023:2720-1","SUSE-SU-2023:2721-1","SUSE-SU-2023:2724-1","SUSE-SU-2023:2727-1","SUSE-SU-2023:2731-1","SUSE-SU-2023:2734-1","SUSE-SU-2023:2735-1","SUSE-SU-2023:2741-1","SUSE-SU-2023:2743-1","SUSE-SU-2023:2755-1","SUSE-SU-2023:2782-1","SUSE-SU-2023:2805-1","SUSE-SU-2023:2809-1","SUSE-SU-2023:2871-1"],"references":[{"type":"WEB","url":"http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230609-0001/"},{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html"},{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00008.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5402"},{"type":"FIX","url":"https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.13"},{"type":"FIX","url":"https://github.com/torvalds/linux/commit/3037933448f60f9acb705997eae62013ecb81e0d"},{"type":"FIX","url":"https://www.spinics.net/lists/stable-commits/msg294885.html"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-31436.json","unresolved_ranges":[{"events":[{"introduced":"3.7"},{"fixed":"4.14.314"}]},{"events":[{"introduced":"4.15"},{"fixed":"4.19.282"}]},{"events":[{"introduced":"4.20"},{"fixed":"5.4.242"}]},{"events":[{"introduced":"5.5.0"},{"fixed":"5.10.179"}]},{"events":[{"introduced":"5.11"},{"fixed":"5.15.109"}]},{"events":[{"introduced":"5.16"},{"fixed":"6.1.26"}]},{"events":[{"introduced":"6.2"},{"fixed":"6.2.13"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}