CVE-2023-4194
Kernel: tap: tap_open(): correctly initialize socket uid next fix of i_uid to current_fsuid
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate.
Se ha encontrado un fallo en la funcionalidad TUN/TAP del kernel de Linux. Este problema podría permitir a un usuario local eludir los filtros de red y obtener acceso no autorizado a algunos recursos. Los parches originales que solucionan CVE-2023-1076 son incorrectos o incompletos. El problema es que los siguientes commits upstream - a096ccca6e50 ("tun: tun_chr_open(): inicializar correctamente el uid del socket"), - 66b2c338adce ("tap: tap_open(): inicializar correctamente el uid del socket"), pasan "inode->i_uid" a sock_init_data_uid() como último parámetro y resulta que no es correcto.
It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Daniël Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorised memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel memory.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-08-06 CVE Reserved
- 2023-08-07 CVE Published
- 2025-11-21 EPSS Updated
- 2026-03-24 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
- CWE-863: Incorrect Authorization
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html | Mailing List |
|
| https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/344H6HO6SSC4KT7PDFXSDIXKMKHISSGF | Mailing List |
|
| https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TYLSJ2SAI7RF56ZLQ5CQWCJLVJSD73Q | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20231027-0002 | Third Party Advisory |
|
| https://www.debian.org/security/2023/dsa-5480 | Third Party Advisory |
|
| https://www.debian.org/security/2023/dsa-5492 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2023:6583 | 2024-05-08 | |
| https://access.redhat.com/security/cve/CVE-2023-4194 | 2023-11-07 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2229498 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 6.4 Search vendor "Linux" for product "Linux Kernel" and version " <= 6.4" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.5 Search vendor "Linux" for product "Linux Kernel" and version "6.5" | rc1 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.5 Search vendor "Linux" for product "Linux Kernel" and version "6.5" | rc2 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.5 Search vendor "Linux" for product "Linux Kernel" and version "6.5" | rc3 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.5 Search vendor "Linux" for product "Linux Kernel" and version "6.5" | rc4 |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 9.0 Search vendor "Redhat" for product "Enterprise Linux" and version "9.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 37 Search vendor "Fedoraproject" for product "Fedora" and version "37" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 38 Search vendor "Fedoraproject" for product "Fedora" and version "38" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 12.0 Search vendor "Debian" for product "Debian Linux" and version "12.0" | - |
Affected
| ||||||