CVE-2023-3812: Kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags
First published: Wed Jul 19 2023(Updated: )
A flaw in the Linux Kernel found. If napi frags enabled and patch 363a5328f4b0 ("net: tun: fix bugs for oversize packet when napi frags enabled") not applied, then when local user try to send too large IPV6 packet (with big packet length), it can lead to out of bounds memory bug. Reference: <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=363a5328f4b0">https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=363a5328f4b0</a>
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | <=6.0.19 | |
| Linux Linux kernel | =6.1-rc1 | |
| Linux Linux kernel | =6.1-rc2 | |
| Linux Linux kernel | =6.1-rc3 | |
| Redhat Enterprise Linux | =8.0 | |
| Redhat Enterprise Linux | =9.0 | |
| Linux Linux kernel | >=4.15<4.19.265 | |
| Linux Linux kernel | >=4.20<5.4.224 | |
| Linux Linux kernel | >=5.5<5.10.154 | |
| Linux Linux kernel | >=5.11<5.15.78 | |
| Linux Linux kernel | >=5.16<6.0.8 | |
| redhat/kernel | <6.1 | 6.1 |
| IBM QRadar SIEM | <=7.5 - 7.5.0 UP8 IF01 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=363a5328f4b0
- https://bugzilla.redhat.com/show_bug.cgi?id=2224048
- https://access.redhat.com/security/cve/CVE-2023-3812
- https://access.redhat.com/errata/RHSA-2023:6799
- https://access.redhat.com/errata/RHSA-2023:6813
- https://access.redhat.com/errata/RHSA-2023:7370
- https://access.redhat.com/errata/RHSA-2023:7379
- https://access.redhat.com/errata/RHSA-2023:7382
- https://access.redhat.com/errata/RHSA-2023:7389
- https://access.redhat.com/errata/RHSA-2023:7411
- https://access.redhat.com/errata/RHSA-2023:7418
- https://access.redhat.com/errata/RHSA-2023:7548
- https://access.redhat.com/errata/RHSA-2023:7549
- https://access.redhat.com/errata/RHSA-2023:7554
- https://access.redhat.com/errata/RHSA-2024:0340
- https://access.redhat.com/errata/RHSA-2024:0378
- https://access.redhat.com/errata/RHSA-2024:0412
- https://access.redhat.com/errata/RHSA-2024:0461
- https://access.redhat.com/errata/RHSA-2024:0554
- https://access.redhat.com/errata/RHSA-2024:0562
- https://access.redhat.com/errata/RHSA-2024:0563
- https://access.redhat.com/errata/RHSA-2024:0575
- https://access.redhat.com/errata/RHSA-2024:0593
- https://access.redhat.com/errata/RHSA-2024:1961
- https://access.redhat.com/errata/RHSA-2024:2006
- https://access.redhat.com/errata/RHSA-2024:2008
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2224054
- https://exchange.xforce.ibmcloud.com/vulnerabilities/261506
- https://www.ibm.com/support/pages/node/7150684 (Advisory)
Frequently Asked Questions
What is CVE-2023-3812?
CVE-2023-3812 is an out-of-bounds memory access flaw found in the Linux kernel’s TUN/TAP device driver functionality.
How does CVE-2023-3812 impact a system?
CVE-2023-3812 allows a local user to crash or potentially escalate their privileges on the system.
What is the severity of CVE-2023-3812?
CVE-2023-3812 has a severity value of 7, indicating a high severity.
What software versions are affected by CVE-2023-3812?
The Linux kernel versions up to and including 6.1, Linux Kernel versions 6.0.19, Linux Kernel version 6.1-rc1, Linux Kernel version 6.1-rc2, Linux Kernel version 6.1-rc3, Redhat Enterprise Linux version 8.0, and Redhat Enterprise Linux version 9.0 are affected by CVE-2023-3812.
How can CVE-2023-3812 be fixed?
To fix CVE-2023-3812, users should update their Linux kernel to version 6.1 or apply the appropriate patches from the Linux kernel repository.
- collector/nvd-latest
- collector/nvd-index
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/author
- agent/softwarecombine
- agent/weakness
- agent/title
- agent/severity
- agent/description
- agent/event
- agent/references
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-3812
- agent/last-modified-date
- collector/ibm-support
- source/IBM
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/6.0.19
- version/linux linux kernel/6.1-rc1
- version/linux linux kernel/6.1-rc2
- version/linux linux kernel/6.1-rc3
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/8.0
- version/redhat enterprise linux/9.0
- version/linux linux kernel/4.15
- version/linux linux kernel/4.20
- version/linux linux kernel/5.5
- version/linux linux kernel/5.11
- version/linux linux kernel/5.16
- package-manager/redhat
- vendor/ibm
- canonical/ibm qradar siem
- version/ibm qradar siem/7.5 - 7.5.0 up8 if01