gsd-2023-3812
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Aliases
Aliases
{ GSD: { alias: "CVE-2023-3812", id: "GSD-2023-3812", }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2023-3812", ], details: "An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.", id: "GSD-2023-3812", modified: "2023-12-13T01:20:54.401563Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2023-3812", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Red Hat Enterprise Linux 8", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.18.0-513.9.1.rt7.311.el8_9", versionType: "rpm", }, ], }, }, { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.18.0-513.9.1.el8_9", versionType: "rpm", }, ], }, }, { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "unaffected", }, }, ], }, }, { product_name: "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "unaffected", }, }, { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.18.0-147.94.1.el8_1", versionType: "rpm", }, ], }, }, ], }, }, { product_name: "Red Hat Enterprise Linux 8.2 Advanced Update Support", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.18.0-193.133.1.el8_2", versionType: "rpm", }, ], }, }, ], }, }, { product_name: "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.18.0-193.133.1.rt13.184.el8_2", versionType: "rpm", }, ], }, }, { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.18.0-193.133.1.el8_2", versionType: "rpm", }, ], }, }, ], }, }, { product_name: "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "unaffected", }, }, { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.18.0-193.133.1.el8_2", versionType: "rpm", }, ], }, }, ], }, }, { product_name: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.18.0-305.120.1.el8_4", versionType: "rpm", }, ], }, }, ], }, }, { product_name: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.18.0-305.120.1.rt7.196.el8_4", versionType: "rpm", }, ], }, }, { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.18.0-305.120.1.el8_4", versionType: "rpm", }, ], }, }, ], }, }, { product_name: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.18.0-305.120.1.el8_4", versionType: "rpm", }, ], }, }, { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "unaffected", }, }, ], }, }, { product_name: "Red Hat Enterprise Linux 8.6 Extended Update Support", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "unaffected", }, }, { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.18.0-372.87.1.el8_6", versionType: "rpm", }, ], }, }, ], }, }, { product_name: "Red Hat Enterprise Linux 8.8 Extended Update Support", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "unaffected", }, }, { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.18.0-477.43.1.el8_8", versionType: "rpm", }, ], }, }, ], }, }, { product_name: "Red Hat Enterprise Linux 9", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.14.0-362.18.1.el9_3", versionType: "rpm", }, ], }, }, { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "unaffected", }, }, { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.14.0-362.18.1.el9_3", versionType: "rpm", }, ], }, }, { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", }, }, ], }, }, { product_name: "Red Hat Enterprise Linux 9.0 Extended Update Support", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.14.0-70.80.1.el9_0", versionType: "rpm", }, ], }, }, { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.14.0-70.80.1.rt21.151.el9_0", versionType: "rpm", }, ], }, }, { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "unaffected", }, }, ], }, }, { product_name: "Red Hat Enterprise Linux 9.2 Extended Update Support", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.14.0-284.40.1.el9_2", versionType: "rpm", }, ], }, }, { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.14.0-284.40.1.rt14.325.el9_2", versionType: "rpm", }, ], }, }, { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "unaffected", }, }, ], }, }, { product_name: "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.18.0-372.87.1.el8_6", versionType: "rpm", }, ], }, }, ], }, }, { product_name: "Red Hat Enterprise Linux 6", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "unaffected", }, }, ], }, }, { product_name: "Red Hat Enterprise Linux 7", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "unaffected", }, }, { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "unaffected", }, }, ], }, }, ], }, vendor_name: "Red Hat", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.", }, ], }, impact: { cvss: [ { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, ], }, problemtype: { problemtype_data: [ { description: [ { cweId: "CWE-787", lang: "eng", value: "Out-of-bounds Write", }, ], }, ], }, references: { reference_data: [ { name: "https://access.redhat.com/errata/RHSA-2023:6799", refsource: "MISC", url: "https://access.redhat.com/errata/RHSA-2023:6799", }, { name: "https://access.redhat.com/errata/RHSA-2023:6813", refsource: "MISC", url: "https://access.redhat.com/errata/RHSA-2023:6813", }, { name: "https://access.redhat.com/errata/RHSA-2023:7370", refsource: "MISC", url: "https://access.redhat.com/errata/RHSA-2023:7370", }, { name: "https://access.redhat.com/errata/RHSA-2023:7379", refsource: "MISC", url: "https://access.redhat.com/errata/RHSA-2023:7379", }, { name: "https://access.redhat.com/errata/RHSA-2023:7382", refsource: "MISC", url: "https://access.redhat.com/errata/RHSA-2023:7382", }, { name: "https://access.redhat.com/errata/RHSA-2023:7389", refsource: "MISC", url: "https://access.redhat.com/errata/RHSA-2023:7389", }, { name: "https://access.redhat.com/errata/RHSA-2023:7411", refsource: "MISC", url: "https://access.redhat.com/errata/RHSA-2023:7411", }, { name: "https://access.redhat.com/errata/RHSA-2023:7418", refsource: "MISC", url: "https://access.redhat.com/errata/RHSA-2023:7418", }, { name: "https://access.redhat.com/errata/RHSA-2023:7548", refsource: "MISC", url: "https://access.redhat.com/errata/RHSA-2023:7548", }, { name: "https://access.redhat.com/errata/RHSA-2023:7549", refsource: "MISC", url: "https://access.redhat.com/errata/RHSA-2023:7549", }, { name: "https://access.redhat.com/errata/RHSA-2023:7554", refsource: "MISC", url: "https://access.redhat.com/errata/RHSA-2023:7554", }, { name: "https://access.redhat.com/errata/RHSA-2024:0340", refsource: "MISC", url: "https://access.redhat.com/errata/RHSA-2024:0340", }, { name: "https://access.redhat.com/errata/RHSA-2024:0378", refsource: "MISC", url: "https://access.redhat.com/errata/RHSA-2024:0378", }, { name: "https://access.redhat.com/errata/RHSA-2024:0412", refsource: "MISC", url: "https://access.redhat.com/errata/RHSA-2024:0412", }, { name: "https://access.redhat.com/errata/RHSA-2024:0461", refsource: "MISC", url: "https://access.redhat.com/errata/RHSA-2024:0461", }, { name: "https://access.redhat.com/errata/RHSA-2024:0554", refsource: "MISC", url: "https://access.redhat.com/errata/RHSA-2024:0554", }, { name: "https://access.redhat.com/errata/RHSA-2024:0562", refsource: "MISC", url: "https://access.redhat.com/errata/RHSA-2024:0562", }, { name: "https://access.redhat.com/errata/RHSA-2024:0563", refsource: "MISC", url: "https://access.redhat.com/errata/RHSA-2024:0563", }, { name: "https://access.redhat.com/errata/RHSA-2024:0575", refsource: "MISC", url: "https://access.redhat.com/errata/RHSA-2024:0575", }, { name: "https://access.redhat.com/errata/RHSA-2024:0593", refsource: "MISC", url: "https://access.redhat.com/errata/RHSA-2024:0593", }, { name: "https://access.redhat.com/errata/RHSA-2024:1961", refsource: "MISC", url: "https://access.redhat.com/errata/RHSA-2024:1961", }, { name: "https://access.redhat.com/errata/RHSA-2024:2006", refsource: "MISC", url: "https://access.redhat.com/errata/RHSA-2024:2006", }, { name: "https://access.redhat.com/errata/RHSA-2024:2008", refsource: "MISC", url: "https://access.redhat.com/errata/RHSA-2024:2008", }, { name: "https://access.redhat.com/security/cve/CVE-2023-3812", refsource: "MISC", url: "https://access.redhat.com/security/cve/CVE-2023-3812", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=2224048", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2224048", }, { name: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=363a5328f4b0", refsource: "MISC", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=363a5328f4b0", }, ], }, work_around: [ { lang: "en", value: "To mitigate this issue, prevent the tun module from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.", }, ], }, "nvd.nist.gov": { cve: { configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "ABED5D97-9B16-4CF6-86E3-D5F5C4358E35", versionEndExcluding: "4.19.265", versionStartIncluding: "4.15", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "1D67A077-EB45-4ADE-94CD-F9A76F6C319C", versionEndExcluding: "5.4.224", versionStartIncluding: "4.20", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "475D097C-AB5A-4CF5-899F-413077854ABD", versionEndExcluding: "5.10.154", versionStartIncluding: "5.5", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "AB8B27B9-B41B-42D5-AE67-0A89A8A8EEB1", versionEndExcluding: "5.15.78", versionStartIncluding: "5.11", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "EC9A754E-625D-42F3-87A7-960D643E2867", versionEndExcluding: "6.0.8", versionStartIncluding: "5.16", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], descriptions: [ { lang: "en", value: "An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.", }, ], id: "CVE-2023-3812", lastModified: "2024-04-25T13:15:51.013", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secalert@redhat.com", type: "Secondary", }, ], }, published: "2023-07-24T16:15:13.337", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://access.redhat.com/errata/RHSA-2023:6799", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://access.redhat.com/errata/RHSA-2023:6813", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://access.redhat.com/errata/RHSA-2023:7370", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://access.redhat.com/errata/RHSA-2023:7379", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://access.redhat.com/errata/RHSA-2023:7382", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://access.redhat.com/errata/RHSA-2023:7389", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://access.redhat.com/errata/RHSA-2023:7411", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://access.redhat.com/errata/RHSA-2023:7418", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://access.redhat.com/errata/RHSA-2023:7548", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://access.redhat.com/errata/RHSA-2023:7549", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://access.redhat.com/errata/RHSA-2023:7554", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:0340", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:0378", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:0412", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:0461", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:0554", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:0562", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:0563", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:0575", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:0593", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:1961", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:2006", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:2008", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-3812", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2224048", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=363a5328f4b0", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "secalert@redhat.com", type: "Secondary", }, ], }, }, }, }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.