CVE-2023-3812
Kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags
Vexday Risk Score
21 (Low)
SSVC Decision (CISA)
Track
No sign of exploitation → monitor
CVSS 7.8 | EPSS 0.3% | KEV no | PoC — | Nuclei — | Metasploit — | Patch referenced
Lifecycle
24 Jul 2023: Published in NVD
Recommendation: Monitor (no sign of exploitation at the moment).
An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Red Hat · Red Hat Enterprise Linux 6
Red Hat · Red Hat Enterprise Linux 7
Red Hat · Red Hat Enterprise Linux 8
Red Hat · Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions
Red Hat · Red Hat Enterprise Linux 8.2 Advanced Update Support
Red Hat · Red Hat Enterprise Linux 8.2 Telecommunications Update Service
Red Hat · Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
Red Hat · Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Red Hat · Red Hat Enterprise Linux 8.4 Telecommunications Update Service
Red Hat · Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
Red Hat · Red Hat Enterprise Linux 8.6 Extended Update Support
Red Hat · Red Hat Enterprise Linux 8.8 Extended Update Support
Red Hat · Red Hat Enterprise Linux 9
Red Hat · Red Hat Enterprise Linux 9.0 Extended Update Support
Red Hat · Red Hat Enterprise Linux 9.2 Extended Update Support
Red Hat · Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
References
https://access.redhat.com/errata/RHSA-2023:6799
https://access.redhat.com/errata/RHSA-2023:6813
https://access.redhat.com/errata/RHSA-2023:7370
https://access.redhat.com/errata/RHSA-2023:7379
https://access.redhat.com/errata/RHSA-2023:7382
https://access.redhat.com/errata/RHSA-2023:7389
https://access.redhat.com/errata/RHSA-2023:7411
https://access.redhat.com/errata/RHSA-2023:7418
https://access.redhat.com/errata/RHSA-2023:7548
https://access.redhat.com/errata/RHSA-2023:7549
https://access.redhat.com/errata/RHSA-2023:7554
https://access.redhat.com/errata/RHSA-2024:0340