
CVE-2023-3812

Kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags

Published: 7/24/2023 Last updated: 2/26/2026 Reserved: 7/20/2023

An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version | Score | Severity | Vector String
3.1 | 7.8 | High | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Opam packages affected (29)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes ortools_solvers orun rawlink rawlink-eio rawlink-lwt restricted shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (34)

Product | Vendor | Version
Red Hat Enterprise Linux 8.6 Extended Update Support | Red Hat | < 5.3.5
Red Hat Enterprise Linux 9 | Red Hat | <= 5.10.*
Red Hat Enterprise Linux 8.8 Extended Update Support | Red Hat | < f4c330b4499e7334ec6fce535574e09d55843d71
Red Hat Enterprise Linux 9 | Red Hat | < 04218cd68d1502000823c8288f37b4f171dcdcae
Red Hat Enterprise Linux 6 | Red Hat | <= 5.15.*
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | Red Hat | < 0c3854d65cc4402cb8c52d4d773450a06efecab6
Red Hat Enterprise Linux 8.2 Advanced Update Support | Red Hat | < e9eb52037a529fbb307c290e9951a62dd728b03d
Red Hat Enterprise Linux 8 | Red Hat | < a6f4cfa3783804336491e0edcb250c25f9b59d33
Red Hat Enterprise Linux 8.2 Telecommunications Update Service | Red Hat | < c655d2167bf014d4c61b4faeca59b60ff9b9f6b1
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | Red Hat | < 8edbb9e371af186b4cf40819dab65fafe109df4d
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | Red Hat | 4.16
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | Red Hat | <= 6.1.*
Red Hat Enterprise Linux 7 | Red Hat | <= 6.1.*
Red Hat Enterprise Linux 8.4 Telecommunications Update Service | Red Hat | < 6.18
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | Red Hat | < 3358995b1a7f9dcb52a56ec8251570d71024dad0
Red Hat Enterprise Linux 9.2 Extended Update Support | Red Hat | < a3785ae5d334bb71d47a593d54c686a03fb9d136
Red Hat Enterprise Linux 9.0 Extended Update Support | Red Hat | <= 6.6.*
Red Hat Enterprise Linux 9 | Red Hat | < e432dbff342b95fe44645f9a90fcf333c80f4b5e
Red Hat Enterprise Linux 8 | Red Hat | < 6.18
Red Hat Enterprise Linux 8.2 Telecommunications Update Service | Red Hat | <= 6.12.*
Red Hat Enterprise Linux 8.4 Telecommunications Update Service | Red Hat | < d70a5804c563b5e34825353ba9927509df709651
Red Hat Enterprise Linux 9.0 Extended Update Support | Red Hat | <= 6.18.*
Red Hat Enterprise Linux 9.2 Extended Update Support | Red Hat | <= 6.18.*
Red Hat Enterprise Linux 7 | Red Hat | <= 6.6.*
Red Hat Enterprise Linux 9 | Red Hat | < 05db2b850a2b8b17f3d1799f563ea1d550e05ed5
Red Hat Enterprise Linux 9.0 Extended Update Support | Red Hat | <= *
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | Red Hat | <= 6.18.*
Red Hat Enterprise Linux 8 | Red Hat | <= 6.1.*
Red Hat Enterprise Linux 9.2 Extended Update Support | Red Hat | < 0260ad551b0815eb788d47f32899fbcd65d6f128
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | Red Hat | < 005671c60fcf1dbdb8bddf12a62568fd5e4ec391
Red Hat Enterprise Linux 9 | Red Hat | < 4.19
Red Hat Enterprise Linux 8.8 Extended Update Support | Red Hat | < 5.1.10
Red Hat Enterprise Linux 8.6 Extended Update Support | Red Hat | <= *
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | Red Hat | <= 6.18.*

References (104)