CVE-2023-35788: Critical Vulnerability Discovered in Linux Kernel Flower Classifier, Potentially Leading to Denial of Service or Privilege Escalation

A recent security vulnerability (CVE-2023-35788) has come to light that affects the Linux kernel versions before 6.3.7, specifically in the "fl_set_geneve_opt" function within the "net/sched/cls_flower.c" file. This vulnerability allows for an out-of-bounds write in the flower classifier code when handling TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. The implications of this vulnerability are significant, as it may result in denial of service (DoS) or even privilege escalation for malicious users. In this post, we will discuss the details of this exploit, as well as provide links to original sources and explanations on how to fix the vulnerability.

Vulnerability Details

The issue resides in the implementation of the flower classifier, which is a part of the Linux kernel's traffic control and QoS (Quality of Service) system. This particular flaw occurs in the handling of GENEVE (Generic Network Virtualization Encapsulation) packet options.

The affected code snippet is as follows

static int fl_set_geneve_opt(struct tc_cls_flower_offload *f,
			     struct flow_rule *rule, int type)
{
	int err;

	while (f->tunnel_opts.len) {
...
		err = add_tunnel_key_geneve_opt(rule, type,
						range.start, range.end,
						range.present, opt,
						opt->length);
		if (err)
			return err;
...
	}
	return ;
}

The vulnerability arises due to an out-of-bound write operation, caused by improper bounds checking while parsing the GENEVE packet options. Attackers can exploit this by sending malicious TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets, which can then lead to either a denial of service or privilege escalation, depending on the implementation and usage of the affected function.

Original References

The vulnerability was first discovered and reported by [INSERT SECURITY RESEARCHER NAME(S) or "an unnamed security researcher"]. Here are the essential references to the related reports and information on CVE-2023-35788:

1. Official CVE entry: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35788
2. National Vulnerability Database (NVD) entry: https://nvd.nist.gov/vuln/detail/CVE-2023-35788

Mitigation and Patching

Given the severity of this vulnerability, it is essential to update your Linux kernel to version 6.3.7 or later. This version includes the necessary patches and fixes to address the out-of-bounds write issue in the flower classifier code.

Updating the Linux kernel depends on the distribution you are using, but typically involves these steps:

Reboot your system to apply the new kernel version.

It is essential to continually monitor and apply the latest security updates and patches for your system, as new vulnerabilities are discovered and reported frequently. By staying proactive and vigilant in maintaining your system security, you significantly minimize the risk of your systems falling victim to these kinds of attacks.

Conclusion

CVE-2023-35788 showcases the importance of continuously updating and patching your systems to ensure the highest level of security. As technology continues to evolve, so do the tactics and methods used by attackers. By staying informed about the latest vulnerabilities and actively implementing appropriate mitigations, you can play a significant role in protecting your data, users, and systems from potential threats.

Timeline

Published on: 06/16/2023 21:15:00 UTC
Last modified on: 08/19/2023 18:16:00 UTC