CVE-2023-3812
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 8 | 0:4.18.0-513.9.1.rt7.311.el8_9 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8 | 0:4.18.0-513.9.1.el8_9 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | 0:4.18.0-147.94.1.el8_1 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support | 0:4.18.0-193.133.1.el8_2 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.2 Telecommunications Update Service | 0:4.18.0-193.133.1.rt13.184.el8_2 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.2 Telecommunications Update Service | 0:4.18.0-193.133.1.el8_2 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | 0:4.18.0-193.133.1.el8_2 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | 0:4.18.0-305.120.1.el8_4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Telecommunications Update Service | 0:4.18.0-305.120.1.rt7.196.el8_4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Telecommunications Update Service | 0:4.18.0-305.120.1.el8_4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | 0:4.18.0-305.120.1.el8_4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support | 0:4.18.0-372.87.1.el8_6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support | 0:4.18.0-477.43.1.el8_8 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:5.14.0-362.18.1.el9_3 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:5.14.0-362.18.1.el9_3 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.0 Extended Update Support | 0:5.14.0-70.80.1.el9_0 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.0 Extended Update Support | 0:5.14.0-70.80.1.rt21.151.el9_0 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support | 0:5.14.0-284.40.1.el9_2 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support | 0:5.14.0-284.40.1.rt14.325.el9_2 < * | unaffected |
| Red Hat | Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | 0:4.18.0-372.87.1.el8_6 < * | unaffected |
Weaknesses
- CWE-787: Out-of-bounds Write
Workarounds
To mitigate this issue, prevent the tun module from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.
ADP Enrichment
CVE Program Container
Additional References
- https://access.redhat.com/errata/RHSA-2023:6799
- https://access.redhat.com/errata/RHSA-2023:6813
- https://access.redhat.com/errata/RHSA-2023:7370
- https://access.redhat.com/errata/RHSA-2023:7379
- https://access.redhat.com/errata/RHSA-2023:7382
- https://access.redhat.com/errata/RHSA-2023:7389
- https://access.redhat.com/errata/RHSA-2023:7411
- https://access.redhat.com/errata/RHSA-2023:7418
- https://access.redhat.com/errata/RHSA-2023:7548
- https://access.redhat.com/errata/RHSA-2023:7549
- https://access.redhat.com/errata/RHSA-2023:7554
- https://access.redhat.com/errata/RHSA-2024:0340
- https://access.redhat.com/errata/RHSA-2024:0378
- https://access.redhat.com/errata/RHSA-2024:0412
- https://access.redhat.com/errata/RHSA-2024:0461
- https://access.redhat.com/errata/RHSA-2024:0554
- https://access.redhat.com/errata/RHSA-2024:0562
- https://access.redhat.com/errata/RHSA-2024:0563
- https://access.redhat.com/errata/RHSA-2024:0575
- https://access.redhat.com/errata/RHSA-2024:0593
- https://access.redhat.com/errata/RHSA-2024:1961
- https://access.redhat.com/errata/RHSA-2024:2006
- https://access.redhat.com/errata/RHSA-2024:2008
- https://access.redhat.com/security/cve/CVE-2023-3812
- https://bugzilla.redhat.com/show_bug.cgi?id=2224048
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=363a5328f4b0
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://access.redhat.com/errata/RHSA-2023:6799
- https://access.redhat.com/errata/RHSA-2023:6813
- https://access.redhat.com/errata/RHSA-2023:7370
- https://access.redhat.com/errata/RHSA-2023:7379
- https://access.redhat.com/errata/RHSA-2023:7382
- https://access.redhat.com/errata/RHSA-2023:7389
- https://access.redhat.com/errata/RHSA-2023:7411
- https://access.redhat.com/errata/RHSA-2023:7418
- https://access.redhat.com/errata/RHSA-2023:7548
- https://access.redhat.com/errata/RHSA-2023:7549
- https://access.redhat.com/errata/RHSA-2023:7554
- https://access.redhat.com/errata/RHSA-2024:0340
- https://access.redhat.com/errata/RHSA-2024:0378
- https://access.redhat.com/errata/RHSA-2024:0412
- https://access.redhat.com/errata/RHSA-2024:0461
- https://access.redhat.com/errata/RHSA-2024:0554
- https://access.redhat.com/errata/RHSA-2024:0562
- https://access.redhat.com/errata/RHSA-2024:0563
- https://access.redhat.com/errata/RHSA-2024:0575
- https://access.redhat.com/errata/RHSA-2024:0593
- https://access.redhat.com/errata/RHSA-2024:1961
- https://access.redhat.com/errata/RHSA-2024:2006
- https://access.redhat.com/errata/RHSA-2024:2008
- https://access.redhat.com/security/cve/CVE-2023-3812
- https://bugzilla.redhat.com/show_bug.cgi?id=2224048
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=363a5328f4b0
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.