Vulnerability Details : CVE-2023-3812
An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Vulnerability category: Memory Corruption
Products affected by CVE-2023-3812
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-3812
0.01%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-3812
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST | |
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
Red Hat, Inc. |
CWE ids for CVE-2023-3812
-
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
References for CVE-2023-3812
-
https://access.redhat.com/errata/RHSA-2023:7548
RHSA-2023:7548 - Security Advisory - Red Hat Customer PortalThird Party Advisory;VDB Entry
-
https://access.redhat.com/errata/RHSA-2024:0593
RHSA-2024:0593 - Security Advisory - Red Hat カスタマーポータル
-
https://access.redhat.com/errata/RHSA-2024:0562
RHSA-2024:0562 - Security Advisory - Red Hat Customer Portal
-
https://access.redhat.com/errata/RHSA-2024:0378
RHSA-2024:0378 - Security Advisory - Red Hat Customer Portal
-
https://access.redhat.com/errata/RHSA-2023:7411
RHSA-2023:7411 - Security Advisory - Portail Client Red HatThird Party Advisory;VDB Entry
-
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=363a5328f4b0
kernel/git/torvalds/linux.git - Linux kernel source treePatch
-
https://access.redhat.com/errata/RHSA-2023:7418
RHSA-2023:7418 - Security Advisory - Red Hat Customer PortalThird Party Advisory;VDB Entry
-
https://access.redhat.com/errata/RHSA-2024:0563
RHSA-2024:0563 - Security Advisory - Red Hat Customer Portal
-
https://access.redhat.com/errata/RHSA-2024:0554
RHSA-2024:0554 - Security Advisory - Red Hat Customer Portal
-
https://access.redhat.com/security/cve/CVE-2023-3812
CVE-2023-3812- Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2023:7382
RHSA-2023:7382 - Security Advisory - Portail Client Red HatThird Party Advisory;VDB Entry
-
https://access.redhat.com/errata/RHSA-2024:1961
RHSA-2024:1961 - Security Advisory - Red Hat カスタマーポータル
-
https://access.redhat.com/errata/RHSA-2024:2006
RHSA-2024:2006 - Security Advisory - Red Hat Customer Portal
-
https://access.redhat.com/errata/RHSA-2024:0461
RHSA-2024:0461 - Security Advisory - Red Hat Customer Portal
-
https://bugzilla.redhat.com/show_bug.cgi?id=2224048
2224048 – (CVE-2023-3812) CVE-2023-3812 kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_fragsIssue Tracking;Patch;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2023:7549
RHSA-2023:7549 - Security Advisory - Red Hat Customer PortalThird Party Advisory;VDB Entry
-
https://access.redhat.com/errata/RHSA-2023:7554
RHSA-2023:7554 - Security Advisory - Red Hat Customer PortalThird Party Advisory;VDB Entry
-
https://access.redhat.com/errata/RHSA-2023:7370
RHSA-2023:7370 - Security Advisory - Red Hat Customer PortalThird Party Advisory;VDB Entry
-
https://access.redhat.com/errata/RHSA-2024:0412
RHSA-2024:0412 - Security Advisory - Red Hat Customer Portal
-
https://access.redhat.com/errata/RHSA-2023:7389
RHSA-2023:7389 - Security Advisory - Portail Client Red HatThird Party Advisory;VDB Entry
-
https://access.redhat.com/errata/RHSA-2023:6799
RHSA-2023:6799 - Security Advisory - Red Hat 客户门户网站Third Party Advisory;VDB Entry
-
https://access.redhat.com/errata/RHSA-2023:7379
RHSA-2023:7379 - Security Advisory - Red Hat Customer PortalThird Party Advisory;VDB Entry
-
https://access.redhat.com/errata/RHSA-2023:6813
RHSA-2023:6813 - Security Advisory - Red Hat Customer PortalThird Party Advisory;VDB Entry
-
https://access.redhat.com/errata/RHSA-2024:0575
RHSA-2024:0575 - Security Advisory - Red Hat Customer Portal
-
https://access.redhat.com/errata/RHSA-2024:0340
RHSA-2024:0340 - Security Advisory - Red Hat Customer Portal
-
https://access.redhat.com/errata/RHSA-2024:2008
RHSA-2024:2008 - Security Advisory - Red Hat Customer Portal
Jump to