Wind River Support Network


LIN1021-6513 : Security Advisory - linux - CVE-2023-4921

Created: Sep 12, 2023    Updated: Oct 7, 2023
Resolved Date: Oct 7, 2023
Found In Version:
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Kernel


A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.

When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue().

We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.

CREATE(Triage):(User=admin) CVE-2023-4921 (


Live chat