CVE-2023-3812: Kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags
First published: Wed Jul 19 2023(Updated: )
A flaw in the Linux Kernel found. If napi frags enabled and patch 363a5328f4b0 ("net: tun: fix bugs for oversize packet when napi frags enabled") not applied, then when local user try to send too large IPV6 packet (with big packet length), it can lead to out of bounds memory bug. Reference: <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=363a5328f4b0">https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=363a5328f4b0</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <6.1 | 6.1 |
| Linux Kernel | <=6.0.19 | |
| Linux Kernel | =6.1-rc1 | |
| Linux Kernel | =6.1-rc2 | |
| Linux Kernel | =6.1-rc3 | |
| Red Hat Enterprise Linux | =8.0 | |
| Red Hat Enterprise Linux | =9.0 | |
| Linux Kernel | >=4.15<4.19.265 | |
| Linux Kernel | >=4.20<5.4.224 | |
| Linux Kernel | >=5.5<5.10.154 | |
| Linux Kernel | >=5.11<5.15.78 | |
| Linux Kernel | >=5.16<6.0.8 | |
| IBM Security Verify Governance - Identity Manager | <=ISVG 10.0.2 | |
| IBM Security Verify Governance, Identity Manager | <=ISVG 10.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=363a5328f4b0
- https://bugzilla.redhat.com/show_bug.cgi?id=2224048
- https://access.redhat.com/security/cve/CVE-2023-3812
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2224054
- https://access.redhat.com/errata/RHSA-2023:6799
- https://access.redhat.com/errata/RHSA-2023:6813
- https://access.redhat.com/errata/RHSA-2023:7379
- https://access.redhat.com/errata/RHSA-2023:7389
- https://access.redhat.com/errata/RHSA-2023:7382
- https://access.redhat.com/errata/RHSA-2023:7370
- https://access.redhat.com/errata/RHSA-2023:7411
- https://access.redhat.com/errata/RHSA-2023:7418
- https://access.redhat.com/errata/RHSA-2023:7548
- https://access.redhat.com/errata/RHSA-2023:7549
- https://access.redhat.com/errata/RHSA-2023:7554
- https://access.redhat.com/errata/RHSA-2024:0340
- https://access.redhat.com/errata/RHSA-2024:0378
- https://access.redhat.com/errata/RHSA-2024:0461
- https://access.redhat.com/errata/RHSA-2024:0412
- https://access.redhat.com/errata/RHSA-2024:0554
- https://access.redhat.com/errata/RHSA-2024:0563
- https://access.redhat.com/errata/RHSA-2024:0562
- https://access.redhat.com/errata/RHSA-2024:0593
- https://access.redhat.com/errata/RHSA-2024:0575
- https://access.redhat.com/errata/RHSA-2024:1961
- https://access.redhat.com/errata/RHSA-2024:2008
- https://access.redhat.com/errata/RHSA-2024:2006
- https://www.ibm.com/support/pages/node/7172423 (Advisory)
Frequently Asked Questions
What is CVE-2023-3812?
CVE-2023-3812 is an out-of-bounds memory access flaw found in the Linux kernel’s TUN/TAP device driver functionality.
How does CVE-2023-3812 impact a system?
CVE-2023-3812 allows a local user to crash or potentially escalate their privileges on the system.
What is the severity of CVE-2023-3812?
CVE-2023-3812 has a severity value of 7, indicating a high severity.
What software versions are affected by CVE-2023-3812?
The Linux kernel versions up to and including 6.1, Linux Kernel versions 6.0.19, Linux Kernel version 6.1-rc1, Linux Kernel version 6.1-rc2, Linux Kernel version 6.1-rc3, Redhat Enterprise Linux version 8.0, and Redhat Enterprise Linux version 9.0 are affected by CVE-2023-3812.
How can CVE-2023-3812 be fixed?
To fix CVE-2023-3812, users should update their Linux kernel to version 6.1 or apply the appropriate patches from the Linux kernel repository.
- collector/nvd-latest
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/weakness
- agent/title
- agent/severity
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-3812
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/source
- agent/references
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/tags
- collector/ibm-support
- source/IBM
- agent/author
- agent/softwarecombine
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- version/linux kernel/6.0.19
- version/linux kernel/6.1-rc1
- version/linux kernel/6.1-rc2
- version/linux kernel/6.1-rc3
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/8.0
- version/red hat enterprise linux/9.0
- version/linux kernel/4.15
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- vendor/ibm
- canonical/ibm security verify governance - identity manager
- version/ibm security verify governance - identity manager/isvg 10.0.2
- canonical/ibm security verify governance, identity manager
- version/ibm security verify governance, identity manager/isvg 10.0.2