CVE-2023-3812

Kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags

Published: 7/24/2023 Last updated: 11/6/2025 Reserved: 7/20/2023

An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver. It is triggered when a user generates a malicious (too big) networking packet while napi frags is enabled. This flaw allows a local user to crash the system or potentially escalate their privileges.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version Score Severity Vector String
3.1 7.8 High CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Opam packages affected (28)

albatross, cdrom, conf-bpftool, conf-libbpf, conf-linux-libc-dev, core, core_unix, hvsock, mirage-block-unix, mm, ocaml-probes, orun, rawlink, rawlink-eio, rawlink-lwt, restricted, shell, solo5, solo5-bindings-hvt, solo5-bindings-spt, solo5-cross-aarch64, solo5-kernel-ukvm, tracy-client, tuntap, uring, vhd-format, vhd-format-lwt, xapi-stdext-unix

Products affected (51)

Product Vendor Version
Red Hat Enterprise Linux 8 Red Hat < 95.0.4638.54
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Red Hat n/a
Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat 1.0
Red Hat Enterprise Linux 8.2 Telecommunications Update Service Red Hat < 2.4.3 Hotfix 1
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat <= 2.6.0
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat < publication
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Red Hat < 5062d1f4f07facbdade0f402d9a04a788f52e26d
Red Hat Enterprise Linux 6 Red Hat < 2df2dd27066cdba8041e46a64362325626bdfb2e
Red Hat Enterprise Linux 7 Red Hat n/a
Red Hat Enterprise Linux 8 Red Hat 15.2(4)M10
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Red Hat < ef85bb582c41524e9e68dfdbde48e519dac4ab3d
Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat n/a
Red Hat Enterprise Linux 8.2 Telecommunications Update Service Red Hat n/a
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat n/a
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat 15.0(2)EX4
Red Hat Enterprise Linux 8.4 Telecommunications Update Service Red Hat 3.2.1.0
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat 15.2(4)GC1
Red Hat Enterprise Linux 8.6 Extended Update Support Red Hat n/a
Red Hat Enterprise Linux 8.8 Extended Update Support Red Hat 15.1(2)SY2
Red Hat Enterprise Linux 9 Red Hat <= <=9.2.9.0
Red Hat Enterprise Linux 9 Red Hat Snapdragon 1100 Wearable Platform
Red Hat Enterprise Linux 9.0 Extended Update Support Red Hat 15.1(2)SY8
Red Hat Enterprise Linux 9.2 Extended Update Support Red Hat 15.2(7)E0a
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Red Hat 15.2(7)E3
Red Hat Enterprise Linux 6 Red Hat 10.5
Red Hat Enterprise Linux 7 Red Hat 15.2(7)E2a
Red Hat Enterprise Linux 8.4 Telecommunications Update Service Red Hat < 10.0.14393.5501
Red Hat Enterprise Linux 9 Red Hat 6.9X
Red Hat Enterprise Linux 9 Red Hat < b5808d40093403334d939e2c3c417144d12a6f33
Red Hat Enterprise Linux 9.0 Extended Update Support Red Hat 6.9Z
Red Hat Enterprise Linux 9.2 Extended Update Support Red Hat < 93eb31e7c3399e326259f2caa17be1e821f5a412
Red Hat Enterprise Linux 8.4 Telecommunications Update Service Red Hat <= 1.0.0
Red Hat Enterprise Linux 9.2 Extended Update Support Red Hat 15.3(2)S1
Red Hat Enterprise Linux 9.0 Extended Update Support Red Hat n/a
Red Hat Enterprise Linux 9.2 Extended Update Support Red Hat < publication
Red Hat Enterprise Linux 9.0 Extended Update Support Red Hat 7.0
Red Hat Enterprise Linux 7 Red Hat < 62029bc9ff2c17a4e3a2478d83418ec575413808
Red Hat Enterprise Linux 9 Red Hat n/a
Red Hat Enterprise Linux 8 Red Hat all versions
Red Hat Enterprise Linux 7 Red Hat < Milan PI 1.0.0.D
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat n/a
Red Hat Enterprise Linux 9 Red Hat 15.1(2)SY5
Red Hat Enterprise Linux 9.2 Extended Update Support Red Hat n/a
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Red Hat < dc4452867200fa94589b382740952b58aa1c3e6c
Red Hat Enterprise Linux 8.6 Extended Update Support Red Hat < publication
Red Hat Enterprise Linux 8.8 Extended Update Support Red Hat n/a
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat < 1.0.2
Red Hat Enterprise Linux 8.6 Extended Update Support Red Hat Sierra Wireless AirLink ES450 FW 4.9.3
Red Hat Enterprise Linux 8 Red Hat 12.2(33)SCE1
Red Hat Enterprise Linux 9.0 Extended Update Support Red Hat 15.3(2)S
Red Hat Enterprise Linux 9.0 Extended Update Support Red Hat < 10.0.04005.02

References (104)