[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250038

 
 

909

 
 

195843

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2023-3812Date: (C)2023-07-24   (M)2024-05-10


An out-of-bounds memory access flaw was found in the Linux kernel���s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.8CVSS Score :
Exploit Score: 1.8Exploit Score:
Impact Score: 5.9Impact Score:
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: LOCALAccess Vector:
Attack Complexity: LOWAccess Complexity:
Privileges Required: LOWAuthentication:
User Interaction: NONEConfidentiality:
Scope: UNCHANGEDIntegrity:
Confidentiality: HIGHAvailability:
Integrity: HIGH 
Availability: HIGH 
  
Reference:
RHSA-2023:6799
RHSA-2023:6813
RHSA-2023:7370
RHSA-2023:7379
RHSA-2023:7382
RHSA-2023:7389
RHSA-2023:7411
RHSA-2023:7418
RHSA-2023:7548
RHSA-2023:7549
RHSA-2023:7554
RHSA-2024:0340
RHSA-2024:0378
RHSA-2024:0412
RHSA-2024:0461
RHSA-2024:0554
RHSA-2024:0562
RHSA-2024:0563
RHSA-2024:0575
RHSA-2024:0593
RHSA-2024:1961
RHSA-2024:2006
RHSA-2024:2008
https://access.redhat.com/security/cve/CVE-2023-3812
https://bugzilla.redhat.com/show_bug.cgi?id=2224048
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=363a5328f4b0

CWE    1
CWE-787
OVAL    26
oval:org.secpod.oval:def:3302071
oval:org.secpod.oval:def:89049388
oval:org.secpod.oval:def:89049392
oval:org.secpod.oval:def:89049396
...

© SecPod Technologies