Linux Kernel Privilege Escalation Vulnerability in ETS Qdisc

Vulnerability

A vulnerability allowing local privilege escalation has been identified in the Linux kernel's Ethernet Traffic Scheduling (ETS) class handling. The issue arises in the 'net/sched/sch_ets.c' file, where the 'ets_class_from_arg()' function can index an out-of-bounds class when given a class ID of zero. This out-of-bounds access, detected by the Undefined Behavior Sanitizer, could potentially be exploited to escalate privileges.
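The indexing flaw described above, shown as an added user-space model (this is not the kernel source or the upstream patch). The struct layout, `MAX_BANDS`, and the function names are hypothetical, and the model assumes class ID N maps to array slot N-1, so an ID of zero wraps around in unsigned arithmetic instead of selecting a class.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_BANDS 16   /* assumed array size for this model */

/* Simplified stand-ins for the qdisc's private data (hypothetical layout). */
struct model_class { unsigned int quantum; };
struct model_sched {
    unsigned int nbands;                    /* bands currently configured */
    struct model_class classes[MAX_BANDS];
};

/* Unchecked mapping (assumption: class ID N -> slot N-1). Only the index is
 * returned, so the model never performs the bad access itself. With
 * arg == 0 the unsigned subtraction wraps to the largest size_t value. */
static size_t index_unchecked(unsigned long arg)
{
    return (size_t)arg - 1;
}

/* Checked mapping: reject 0 and anything above the configured band count
 * before the ID is turned into an array index. */
static struct model_class *class_from_arg_checked(struct model_sched *q,
                                                  unsigned long arg)
{
    if (arg == 0 || arg > q->nbands)
        return NULL;
    return &q->classes[arg - 1];
}

int main(void)
{
    struct model_sched q = { .nbands = 4 };
    unsigned long ids[] = { 0, 1, 4, 5 };   /* constructed sample class IDs */

    for (size_t i = 0; i < sizeof(ids) / sizeof(ids[0]); i++) {
        struct model_class *c = class_from_arg_checked(&q, ids[i]);
        printf("id=%lu unchecked_index=%zu checked=%s\n", ids[i],
               index_unchecked(ids[i]), c ? "valid" : "rejected");
    }
    return 0;
}
```

Callers of the checked form must handle the `NULL` return; the range check is what keeps a zero or oversized class ID from ever becoming an array index.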

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation.

Reproduction

The vulnerability can be reproduced by sending a Netlink message to the Traffic Control (TC) subsystem with an invalid class ID that triggers the out-of-bounds access in the ETS class handling. This can be done using a custom program or script that interacts with the Netlink interface, specifically targeting the ETS queuing discipline.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 7.5
exploitability: 4.3
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.