CVE-2023-3812

high

Description

An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.

References

Advisories
More

https://bugzilla.redhat.com/show_bug.cgi?id=2224048

https://access.redhat.com/security/cve/CVE-2023-3812

https://access.redhat.com/errata/RHSA-2024:2008

https://access.redhat.com/errata/RHSA-2024:2006

https://access.redhat.com/errata/RHSA-2024:1961

https://access.redhat.com/errata/RHSA-2024:0593

https://access.redhat.com/errata/RHSA-2024:0575

https://access.redhat.com/errata/RHSA-2024:0563

https://access.redhat.com/errata/RHSA-2024:0562

https://access.redhat.com/errata/RHSA-2024:0554

https://access.redhat.com/errata/RHSA-2024:0461

https://access.redhat.com/errata/RHSA-2024:0412

https://access.redhat.com/errata/RHSA-2024:0378

https://access.redhat.com/errata/RHSA-2024:0340

https://access.redhat.com/errata/RHSA-2023:7554

https://access.redhat.com/errata/RHSA-2023:7549

https://access.redhat.com/errata/RHSA-2023:7548

https://access.redhat.com/errata/RHSA-2023:7418

https://access.redhat.com/errata/RHSA-2023:7411

https://access.redhat.com/errata/RHSA-2023:7389

https://access.redhat.com/errata/RHSA-2023:7382

https://access.redhat.com/errata/RHSA-2023:7379

https://access.redhat.com/errata/RHSA-2023:7370

https://access.redhat.com/errata/RHSA-2023:6813

https://access.redhat.com/errata/RHSA-2023:6799

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=363a5328f4b0

Details

Source: Mitre, NVD

Published: 2023-07-24

Updated: 2024-04-25

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00056