NVD Vulnerability Detail

CVE-2023-3812

Summary	An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Publication Date	July 25, 2023, 1:15 a.m.
Registration Date	July 25, 2023, 10 a.m.
Last Update	Nov. 21, 2024, 5:18 p.m.

CVSS3.1 : HIGH
スコア	7.8
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	低
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:linux:linux_kernel::::::::	5.5			5.10.154
cpe:2.3:o:linux:linux_kernel::::::::	5.11			5.15.78
cpe:2.3:o:linux:linux_kernel::::::::	5.16			6.0.8
cpe:2.3:o:linux:linux_kernel::::::::	4.20			5.4.224
cpe:2.3:o:linux:linux_kernel::::::::	4.15			4.19.265

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Related information, measures and tools

No	URL	タグ
1	https://access.redhat.com/errata/RHSA-2023:6799	Third Party Advisory VDB Entry
2	https://access.redhat.com/errata/RHSA-2023:6799	Third Party Advisory VDB Entry
3	https://access.redhat.com/errata/RHSA-2023:6813	Third Party Advisory VDB Entry
4	https://access.redhat.com/errata/RHSA-2023:6813	Third Party Advisory VDB Entry
5	https://access.redhat.com/errata/RHSA-2023:7370	Third Party Advisory VDB Entry
6	https://access.redhat.com/errata/RHSA-2023:7370	Third Party Advisory VDB Entry
7	https://access.redhat.com/errata/RHSA-2023:7379	Third Party Advisory VDB Entry
8	https://access.redhat.com/errata/RHSA-2023:7379	Third Party Advisory VDB Entry
9	https://access.redhat.com/errata/RHSA-2023:7382	Third Party Advisory VDB Entry
10	https://access.redhat.com/errata/RHSA-2023:7382	Third Party Advisory VDB Entry
11	https://access.redhat.com/errata/RHSA-2023:7389	Third Party Advisory VDB Entry
12	https://access.redhat.com/errata/RHSA-2023:7389	Third Party Advisory VDB Entry
13	https://access.redhat.com/errata/RHSA-2023:7411	Third Party Advisory VDB Entry
14	https://access.redhat.com/errata/RHSA-2023:7411	Third Party Advisory VDB Entry
15	https://access.redhat.com/errata/RHSA-2023:7418	Third Party Advisory VDB Entry
16	https://access.redhat.com/errata/RHSA-2023:7418	Third Party Advisory VDB Entry
17	https://access.redhat.com/errata/RHSA-2023:7548	Third Party Advisory VDB Entry
18	https://access.redhat.com/errata/RHSA-2023:7548	Third Party Advisory VDB Entry
19	https://access.redhat.com/errata/RHSA-2023:7549	Third Party Advisory VDB Entry
20	https://access.redhat.com/errata/RHSA-2023:7549	Third Party Advisory VDB Entry
21	https://access.redhat.com/errata/RHSA-2023:7554	Third Party Advisory VDB Entry
22	https://access.redhat.com/errata/RHSA-2023:7554	Third Party Advisory VDB Entry
23	https://access.redhat.com/errata/RHSA-2024:0340
24	https://access.redhat.com/errata/RHSA-2024:0340
25	https://access.redhat.com/errata/RHSA-2024:0378
26	https://access.redhat.com/errata/RHSA-2024:0378
27	https://access.redhat.com/errata/RHSA-2024:0412
28	https://access.redhat.com/errata/RHSA-2024:0412
29	https://access.redhat.com/errata/RHSA-2024:0461
30	https://access.redhat.com/errata/RHSA-2024:0461
31	https://access.redhat.com/errata/RHSA-2024:0554
32	https://access.redhat.com/errata/RHSA-2024:0554
33	https://access.redhat.com/errata/RHSA-2024:0562
34	https://access.redhat.com/errata/RHSA-2024:0562
35	https://access.redhat.com/errata/RHSA-2024:0563
36	https://access.redhat.com/errata/RHSA-2024:0563
37	https://access.redhat.com/errata/RHSA-2024:0575
38	https://access.redhat.com/errata/RHSA-2024:0575
39	https://access.redhat.com/errata/RHSA-2024:0593
40	https://access.redhat.com/errata/RHSA-2024:0593
41	https://access.redhat.com/errata/RHSA-2024:1961
42	https://access.redhat.com/errata/RHSA-2024:1961
43	https://access.redhat.com/errata/RHSA-2024:2006
44	https://access.redhat.com/errata/RHSA-2024:2006
45	https://access.redhat.com/errata/RHSA-2024:2008
46	https://access.redhat.com/errata/RHSA-2024:2008
47	https://access.redhat.com/security/cve/CVE-2023-3812	Third Party Advisory
48	https://access.redhat.com/security/cve/CVE-2023-3812	Third Party Advisory
49	https://bugzilla.redhat.com/show_bug.cgi?id=2224048	Issue Tracking Patch Third Party Advisory
50	https://bugzilla.redhat.com/show_bug.cgi?id=2224048	Issue Tracking Patch Third Party Advisory
51	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=363a5328f4b0	Patch
52	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=363a5328f4b0	Patch

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-416	解放済みメモリの使用	https://cwe.mitre.org/data/definitions/416.html
2	CWE-787	境界外書き込み	https://cwe.mitre.org/data/definitions/787.html

JVN Vulnerability Information

Linux の Linux Kernel 等複数ベンダの製品における解放済みメモリの使用に関する脆弱性

Title	Linux の Linux Kernel 等複数ベンダの製品における解放済みメモリの使用に関する脆弱性
Summary	Linux の Linux Kernel 等複数ベンダの製品には、解放済みメモリの使用に関する脆弱性、境界外書き込みに関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	July 24, 2023, midnight
Registration Date	Jan. 18, 2024, 1:51 p.m.
Last Update	Jan. 18, 2024, 1:51 p.m.

Affected System

レッドハット

Red Hat Enterprise Linux 8.0

Red Hat Enterprise Linux 9.0

Linux

Linux Kernel 4.15 以上 4.19.265 未満

Linux Kernel 4.20 以上 5.4.224 未満

Linux Kernel 5.11 以上 5.15.78 未満

Linux Kernel 5.16 以上 6.0.8 未満

Linux Kernel 5.5 以上 5.10.154 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2023-3812	https://www.cve.org/CVERecord?id=CVE-2023-3812
National Vulnerability Database (NVD)
2	CVE-2023-3812	https://nvd.nist.gov/vuln/detail/CVE-2023-3812
Red Hat Customer Portal
3	CVE-2023-3812	https://access.redhat.com/security/cve/CVE-2023-3812

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-416	https://cwe.mitre.org/data/definitions/416.html
2	CWE-787	https://cwe.mitre.org/data/definitions/787.html

ベンダー情報

No	Name	URL
Kernel.org git repositories
1	net: tun: fix bugs for oversize packet when napi frags enabled	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=363a5328f4b0
Linux Kernel
2	Linux Kernel Archives	https://www.kernel.org
Red Hat Bugzilla
3	Bug 2224048	https://bugzilla.redhat.com/show_bug.cgi?id=2224048
Red Hat Security Advisory
4	RHSA-2023:6799	https://access.redhat.com/errata/RHSA-2023:6799
5	RHSA-2023:6813	https://access.redhat.com/errata/RHSA-2023:6813
6	RHSA-2023:7370	https://access.redhat.com/errata/RHSA-2023:7370
7	RHSA-2023:7379	https://access.redhat.com/errata/RHSA-2023:7379
8	RHSA-2023:7382	https://access.redhat.com/errata/RHSA-2023:7382
9	RHSA-2023:7389	https://access.redhat.com/errata/RHSA-2023:7389
10	RHSA-2023:7411	https://access.redhat.com/errata/RHSA-2023:7411
11	RHSA-2023:7418	https://access.redhat.com/errata/RHSA-2023:7418
12	RHSA-2023:7548	https://access.redhat.com/errata/RHSA-2023:7548
13	RHSA-2023:7549	https://access.redhat.com/errata/RHSA-2023:7549
14	RHSA-2023:7554	https://access.redhat.com/errata/RHSA-2023:7554

Change Log

No	Changed Details	Date of change
1	[2024年01月17日] 掲載	Jan. 17, 2024, 5:45 p.m.