CVE-2023-4194
CVSS v3.1
5.5 (Medium)
EPSS
0.04 % (5th)
Affected Products
4
Advisories
35
NVD Status
Modified
A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate.
Weaknesses
- CWE-843
- Access of Resource Using Incompatible Type ('Type Confusion')
- CWE-863
- Incorrect Authorization
Related CVEs
- CVE Status
- PUBLISHED
- NVD Status
- Modified
- CNA
- Red Hat, Inc.
- Published Date
-
2023-08-07 14:15:11
(13 months ago) - Updated Date
-
2024-09-06 18:15:05
(10 days ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Configuration #3
|
Configuration #4
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...