CVE-2023-35788 Report - Details, Severity, & Advisories
Twingate Team • Jul 12, 2024
What is CVE-2023-35788?
CVE-2023-35788 is a high-severity vulnerability in the Linux kernel's Flower classifier component. It can result in denial of service or privilege escalation. The issue is present in the fl_set_geneve_opt function, and a patch is available. Users should update their software to mitigate this risk.
Who is impacted by CVE-2023-35788?
This vulnerability affects users of the Linux kernel before version 6.3.7, including those using Ubuntu and its derivatives (Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 14.04 ESM). It impacts systems using the Flower classifier (NET_CLS_FLOWER) and can result in denial of service or privilege escalation.
What to do if CVE-2023-35788 affected you
If you're affected by the CVE-2023-35788 vulnerability, it's crucial to take action to protect your system. Follow these simple steps to mitigate the risk:
Update your Linux kernel to version 6.3.7 or later.
For Ubuntu users, update the kernel livepatch to the specified versions for your release, as mentioned in the Kernel Live Patch Security Notice LSN-0097-1.
Apply the patch provided by Hangyu Hua, available at git.kernel.org, to address the issue in the Flower classifier.
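A triage check for the steps above, added here as an example (not Twingate's or the kernel project's code): it compares the running kernel's version with 6.3.7 and reads CONFIG_NET_CLS_FLOWER from /boot/config-<release>, a location that is an assumption about the distribution. The function names and verdict strings are hypothetical; a version below 6.3.7 yields check-vendor-patch rather than "vulnerable" because distribution kernels can carry the fix as a backport or livepatch.

```shell
#!/bin/sh
# Added example: exposure triage for CVE-2023-35788. Not vendor tooling.
FIXED="6.3.7"   # upstream fixed version, taken from the advisory text

# Print the numeric x.y.z prefix of a kernel release string,
# e.g. 5.15.0-76-generic -> 5.15.0
base_version() {
    printf '%s\n' "$1" | sed -E 's/^([0-9]+(\.[0-9]+){0,2}).*/\1/'
}

# Succeed (exit 0) if dotted version $1 is strictly lower than $2.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not "lower"
    }'
}

# Print y or m if the Flower classifier is built (in-kernel or module),
# n if it is not set, unknown if the config file cannot be read.
flower_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    val=$(sed -n 's/^CONFIG_NET_CLS_FLOWER=\([ym]\)$/\1/p' "$1")
    echo "${val:-n}"
}

# assess RELEASE CONFIG_FILE -> fixed-upstream | flower-not-built | check-vendor-patch
assess() {
    ver=$(base_version "$1")
    state=$(flower_state "$2")
    if ! version_lt "$ver" "$FIXED"; then
        echo "fixed-upstream"
    elif [ "$state" = n ]; then
        echo "flower-not-built"
    else
        # Below 6.3.7 with Flower built (or config unreadable): confirm the
        # distribution's backport or livepatch status before closing the finding.
        echo "check-vendor-patch"
    fi
}

# Run against this host. The config path is an assumption (Debian/Ubuntu-style).
rel=$(uname -r)
echo "$rel: $(assess "$rel" "/boot/config-$rel")"
```
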
Is this in CISA’s Known Exploited Vulnerabilities Catalog?
The CVE-2023-35788 vulnerability, affecting the Linux kernel's Flower classifier, is not listed in CISA's Known Exploited Vulnerabilities Catalog. This issue can lead to denial of service or privilege escalation. To mitigate the risk, users should update their Linux kernel to version 6.3.7 or later and apply the provided patch.
Weakness Enumeration
This vulnerability is classified as CWE-787, an out-of-bounds write, in the Linux kernel's Flower classifier, affecting various systems.
Learn More
For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.