A heap out-of-bounds read/write vulnerability in the Linux Kernel traffic control (QoS) subsystem can be exploited to achieve local privilege escalation. The qfq_change_class function does not properly limit the lmax variable which can lead to out-of-bounds read/write. If the TCA_QFQ_LMAX value is not offered through nlattr, lmax is determined by the MTU value of the network device. The MTU of the loopback device can be set up to 2^31-1 and as a result, it is possible to have an lmax value that exceeds QFQ_MIN_LMAX. We recommend upgrading past commit 3037933448f60f9acb705997eae62013ecb81e0d. CREATE(Triage):(User=admin) CVE-2023-2248 (https://nvd.nist.gov/vuln/detail/CVE-2023-2248)
