CVE-2023-3611

CVSS Score: 7.8 HIGH

📋 TL;DR

CVE-2023-3611 is an out-of-bounds write vulnerability in the Linux kernel's QFQ (Quick Fair Queueing) network scheduler, sch_qfq, that allows a local attacker to escalate privileges. It affects Linux systems with the QFQ scheduler enabled and can allow an unprivileged local account to gain root access.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Linux kernel versions before commit 3e337087c3b5805fe0b8a46ba622a962880b5d64
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if the QFQ scheduler (CONFIG_NET_SCH_QFQ) is enabled and configured. Many distributions don't enable this by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with root privileges, allowing complete control over the affected system, data theft, and lateral movement within the network.

🟠

Likely Case

Local privilege escalation to root, enabling attackers to install malware, modify system configurations, or access sensitive data.

🟢

If Mitigated

Limited impact if proper access controls, SELinux/AppArmor, and least privilege principles are enforced, though kernel compromise remains serious.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to the system.
🏢 Internal Only: HIGH - Any compromised user account on affected systems can potentially escalate to root privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of kernel exploitation techniques. No public exploit code has been disclosed as of the advisory dates.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commit 3e337087c3b5805fe0b8a46ba622a962880b5d64

Vendor Advisory: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e337087c3b5805fe0b8a46ba622a962880b5d64

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a version containing commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.
2. For Debian systems: apt update && apt upgrade linux-image-$(uname -r)
3. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Disable QFQ scheduler

Remove or disable the QFQ scheduler module if it is not required. rmmod fails with "Module in use" while a qfq qdisc is still attached (delete it with tc first), and a blacklist entry only prevents alias-based autoloading, so confirm afterwards that the module can no longer be loaded on demand.

rmmod sch_qfq
echo 'blacklist sch_qfq' > /etc/modprobe.d/disable-qfq.conf

🧯 If You Can't Patch

  • Implement strict access controls and limit local user accounts
  • Enable SELinux/AppArmor with restrictive policies and monitor for privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether the QFQ module is currently loaded: uname -r && lsmod | grep qfq. An unloaded module does not by itself mean the system is unexposed if sch_qfq is built as a module and can still be loaded on demand; check the kernel config (CONFIG_NET_SCH_QFQ) as well.

Check Version:

uname -r

Verify Fix Applied:

The fix commit id is not recorded in /proc/version or /proc/version_signature, so check the distribution's kernel package changelog for the CVE instead (Debian/Ubuntu path shown): zgrep -q 'CVE-2023-3611' /usr/share/doc/linux-image-$(uname -r)/changelog.Debian.gz && echo 'fix listed in changelog' || echo 'Check kernel changelog'
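The checks from the workaround and verification sections above, combined into one added exposure-check script (not part of the advisory). It assumes a Debian-style kernel config at /boot/config-$(uname -r); the helper functions take their input from files or stdin so they can also be run against collected output.

```shell
#!/bin/sh
# Added exposure check for CVE-2023-3611 (not part of the advisory above).
# Assumes a Debian-style kernel config at /boot/config-$(uname -r); adjust the
# path (or use zcat /proc/config.gz > file) on other distributions.

# Report how QFQ is built into the running kernel: builtin, module or absent.
qfq_config_state() {
    if grep -qx 'CONFIG_NET_SCH_QFQ=y' "$1" 2>/dev/null; then echo builtin
    elif grep -qx 'CONFIG_NET_SCH_QFQ=m' "$1" 2>/dev/null; then echo module
    else echo absent
    fi
}

# Read lsmod output on stdin; succeed if sch_qfq is currently loaded.
qfq_module_loaded() {
    awk '$1 == "sch_qfq" { found = 1 } END { exit !found }'
}

# Read `tc qdisc show` output on stdin; succeed if any qfq qdisc is attached.
# rmmod sch_qfq fails with "Module in use" while one is still attached.
qfq_qdisc_active() {
    grep -q '^qdisc qfq '
}

# Succeed if any given modprobe.d file blocks on-demand loading with an
# "install sch_qfq /bin/false" (or /bin/true) line. A plain "blacklist" line
# only stops alias-based autoloading, so it is deliberately not counted here.
qfq_modprobe_blocked() {
    grep -qsE '^install[[:space:]]+sch_qfq[[:space:]]+/bin/(false|true)' "$@"
}

# Live report against the running system (run: sh qfq_check.sh --live).
qfq_report() {
    echo "CONFIG_NET_SCH_QFQ: $(qfq_config_state "/boot/config-$(uname -r)")"
    if lsmod 2>/dev/null | qfq_module_loaded; then echo "sch_qfq: loaded"
    else echo "sch_qfq: not loaded"; fi
    if tc qdisc show 2>/dev/null | qfq_qdisc_active; then echo "qfq qdisc: attached (delete it before rmmod)"
    else echo "qfq qdisc: none attached"; fi
    if qfq_modprobe_blocked /etc/modprobe.d/*.conf; then echo "modprobe: on-demand load of sch_qfq blocked"
    else echo "modprobe: sch_qfq can still be loaded on demand"; fi
}

case "${1:-}" in
    --live) qfq_report ;;
esac
```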

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • System crash dumps
  • Unusual privilege escalation in audit logs

Network Indicators:

  • None - this is a local exploit

SIEM Query:

(source="kernel" AND ("panic" OR "Oops" OR "general protection fault")) OR (source="audit" AND "privilege" AND "escalation")

🔗 References