CVE-2023-3812

An out-of-bounds memory access flaw was found in the Linux kernel's TUN/TAP device driver. It is triggered when a user generates a malicious (too big) networking packet while napi frags is enabled. This flaw allows a local user to crash the system or potentially escalate their privileges.
References
Link Resource
https://access.redhat.com/errata/RHSA-2023:6799 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2023:6813 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2023:7370 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2023:7379 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2023:7382 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2023:7389 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2023:7411 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2023:7418 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2023:7548 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2023:7549 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2023:7554 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2024:0340
https://access.redhat.com/errata/RHSA-2024:0378
https://access.redhat.com/errata/RHSA-2024:0412
https://access.redhat.com/errata/RHSA-2024:0461
https://access.redhat.com/errata/RHSA-2024:0554
https://access.redhat.com/errata/RHSA-2024:0562
https://access.redhat.com/errata/RHSA-2024:0563
https://access.redhat.com/errata/RHSA-2024:0575
https://access.redhat.com/errata/RHSA-2024:0593
https://access.redhat.com/errata/RHSA-2024:1961
https://access.redhat.com/errata/RHSA-2024:2006
https://access.redhat.com/errata/RHSA-2024:2008
https://access.redhat.com/security/cve/CVE-2023-3812 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2224048 Issue Tracking Patch Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=363a5328f4b0 Patch
Configurations

Configuration 1

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

History

25 Apr 2024, 13:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:1961 -
  • () https://access.redhat.com/errata/RHSA-2024:2006 -
  • () https://access.redhat.com/errata/RHSA-2024:2008 -

30 Jan 2024, 16:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0562 -
  • () https://access.redhat.com/errata/RHSA-2024:0563 -
  • () https://access.redhat.com/errata/RHSA-2024:0575 -
  • () https://access.redhat.com/errata/RHSA-2024:0593 -

30 Jan 2024, 04:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0554 -

25 Jan 2024, 20:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0412 -
  • () https://access.redhat.com/errata/RHSA-2024:0461 -

25 Jan 2024, 08:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0340 -
  • () https://access.redhat.com/errata/RHSA-2024:0378 -

29 Dec 2023, 16:07

Type Values Removed Values Added
CPE cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*
References () https://access.redhat.com/errata/RHSA-2023:6799 - () https://access.redhat.com/errata/RHSA-2023:6799 - Third Party Advisory, VDB Entry
References () https://access.redhat.com/errata/RHSA-2023:6813 - () https://access.redhat.com/errata/RHSA-2023:6813 - Third Party Advisory, VDB Entry
References () https://access.redhat.com/errata/RHSA-2023:7370 - () https://access.redhat.com/errata/RHSA-2023:7370 - Third Party Advisory, VDB Entry
References () https://access.redhat.com/errata/RHSA-2023:7379 - () https://access.redhat.com/errata/RHSA-2023:7379 - Third Party Advisory, VDB Entry
References () https://access.redhat.com/errata/RHSA-2023:7382 - () https://access.redhat.com/errata/RHSA-2023:7382 - Third Party Advisory, VDB Entry
References () https://access.redhat.com/errata/RHSA-2023:7389 - () https://access.redhat.com/errata/RHSA-2023:7389 - Third Party Advisory, VDB Entry
References () https://access.redhat.com/errata/RHSA-2023:7411 - () https://access.redhat.com/errata/RHSA-2023:7411 - Third Party Advisory, VDB Entry
References () https://access.redhat.com/errata/RHSA-2023:7418 - () https://access.redhat.com/errata/RHSA-2023:7418 - Third Party Advisory, VDB Entry
References () https://access.redhat.com/errata/RHSA-2023:7548 - () https://access.redhat.com/errata/RHSA-2023:7548 - Third Party Advisory, VDB Entry
References () https://access.redhat.com/errata/RHSA-2023:7549 - () https://access.redhat.com/errata/RHSA-2023:7549 - Third Party Advisory, VDB Entry
References () https://access.redhat.com/errata/RHSA-2023:7554 - () https://access.redhat.com/errata/RHSA-2023:7554 - Third Party Advisory, VDB Entry

29 Nov 2023, 00:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2023:7554 -

28 Nov 2023, 18:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2023:7549 -
  • () https://access.redhat.com/errata/RHSA-2023:7548 -

21 Nov 2023, 17:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2023:7382 -
  • () https://access.redhat.com/errata/RHSA-2023:7389 -
  • () https://access.redhat.com/errata/RHSA-2023:7418 -
  • () https://access.redhat.com/errata/RHSA-2023:7370 -
  • () https://access.redhat.com/errata/RHSA-2023:7411 -

21 Nov 2023, 11:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2023:7379 -

08 Nov 2023, 14:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2023:6799 -
  • () https://access.redhat.com/errata/RHSA-2023:6813 -

02 Aug 2023, 15:09

Type Values Removed Values Added
CWE CWE-787
CPE cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
First Time Linux
Redhat enterprise Linux
Linux linux Kernel
Redhat
References (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=363a5328f4b0 - (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=363a5328f4b0 - Patch
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2224048 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2224048 - Issue Tracking, Patch, Third Party Advisory
References (MISC) https://access.redhat.com/security/cve/CVE-2023-3812 - (MISC) https://access.redhat.com/security/cve/CVE-2023-3812 - Third Party Advisory
CVSS v2 : unknown, v3 : unknown (removed); v2 : unknown, v3 : 7.8 (added)

24 Jul 2023, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-24 16:15

Updated : 2024-04-25 13:15


NVD link : CVE-2023-3812

Mitre link : CVE-2023-3812

CVE.ORG link : CVE-2023-3812


Products Affected

linux

  • linux_kernel

redhat

  • enterprise_linux
CWE
CWE-416

Use After Free

CWE-787

Out-of-bounds Write