
CVE-2023-3812

Kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags

Published: 7/24/2023 Last updated: 11/6/2025 Reserved: 7/20/2023

An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

| Version | Score | Severity | Vector String |
|---|---|---|---|
| 3.1 | 7.8 | High | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |

Opam packages affected (27)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes orun rawlink rawlink-eio rawlink-lwt shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (60)

| Product | Vendor | Version |
|---|---|---|
| Red Hat Enterprise Linux 8.6 Extended Update Support | Red Hat | n/a |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | Red Hat | 15.2(4)GC1 |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | Red Hat | < ef85bb582c41524e9e68dfdbde48e519dac4ab3d |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | Red Hat | n/a |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | Red Hat | n/a |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | Red Hat | 3.2.1.0 |
| Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | Red Hat | n/a |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | Red Hat | 15.0(2)EX4 |
| Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | Red Hat | <= 2.6.0 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | Red Hat | < publication |
| Red Hat Enterprise Linux 7 | Red Hat | 15.2(7)E2a |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | Red Hat | < 10.0.14393.5501 |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | Red Hat | <= 5.4.* |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | Red Hat | 15.2(7)E3 |
| Red Hat Enterprise Linux 9.2 Extended Update Support | Red Hat | 15.2(7)E0a |
| Red Hat Enterprise Linux 8.6 Extended Update Support | Red Hat | <= 5.15.* |
| Red Hat Enterprise Linux 9.0 Extended Update Support | Red Hat | 15.1(2)SY8 |
| Red Hat Enterprise Linux 8.8 Extended Update Support | Red Hat | <= 5.19.* |
| Red Hat Enterprise Linux 9 | Red Hat | 6.9X |
| Red Hat Enterprise Linux 9 | Red Hat | Snapdragon 1100 Wearable Platform |
| Red Hat Enterprise Linux 9 | Red Hat | < b5808d40093403334d939e2c3c417144d12a6f33 |
| Red Hat Enterprise Linux 9.0 Extended Update Support | Red Hat | 6.9Z |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | Red Hat | n/a |
| Red Hat Enterprise Linux 9 | Red Hat | <= <=9.2.9.0 |
| Red Hat Enterprise Linux 9.2 Extended Update Support | Red Hat | < 93eb31e7c3399e326259f2caa17be1e821f5a412 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | Red Hat | 1.0 |
| Red Hat Enterprise Linux 8.8 Extended Update Support | Red Hat | 15.1(2)SY2 |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | Red Hat | < 5062d1f4f07facbdade0f402d9a04a788f52e26d |
| Red Hat Enterprise Linux 6 | Red Hat | < 2df2dd27066cdba8041e46a64362325626bdfb2e |
| Red Hat Enterprise Linux 7 | Red Hat | n/a |
| Red Hat Enterprise Linux 8 | Red Hat | < 95.0.4638.54 |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | Red Hat | < 2.4.3 Hotfix 1 |
| Red Hat Enterprise Linux 6 | Red Hat | 10.5 |
| Red Hat Enterprise Linux 8 | Red Hat | 15.2(4)M10 |
| Red Hat Enterprise Linux 7 | Red Hat | < Milan PI 1.0.0.D |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | Red Hat | < 2f5e9de15e4f55fbf56f22d4a2ce406246cc462d |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | Red Hat | <= 1.0.0 |
| Red Hat Enterprise Linux 9.0 Extended Update Support | Red Hat | n/a |
| Red Hat Enterprise Linux 9.2 Extended Update Support | Red Hat | < publication |
| Red Hat Enterprise Linux 7 | Red Hat | < 62029bc9ff2c17a4e3a2478d83418ec575413808 |
| Red Hat Enterprise Linux 9 | Red Hat | n/a |
| Red Hat Enterprise Linux 8 | Red Hat | all versions |
| Red Hat Enterprise Linux 9.0 Extended Update Support | Red Hat | 7.0 |
| Red Hat Enterprise Linux 9.2 Extended Update Support | Red Hat | 15.3(2)S1 |
| Red Hat Enterprise Linux 8 | Red Hat | < 958b0ee23f5ac106e7cc11472b71aa2ea9a033bc |
| Red Hat Enterprise Linux 8.6 Extended Update Support | Red Hat | Sierra Wireless AirLink ES450 FW 4.9.3 |
| Red Hat Enterprise Linux 8 | Red Hat | 12.2(33)SCE1 |
| Red Hat Enterprise Linux 9.2 Extended Update Support | Red Hat | n/a |
| Red Hat Enterprise Linux 9.0 Extended Update Support | Red Hat | < 10.0.04005.02 |
| Red Hat Enterprise Linux 9 | Red Hat | 15.1(2)SY5 |
| Red Hat Enterprise Linux 9 | Red Hat | <= * |
| Red Hat Enterprise Linux 8.8 Extended Update Support | Red Hat | n/a |
| Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | Red Hat | < 29a5b8a137ac8eb410cc823653a29ac0e7b7e1b0 |
| Red Hat Enterprise Linux 9.0 Extended Update Support | Red Hat | 15.3(2)S |
| Red Hat Enterprise Linux 8.6 Extended Update Support | Red Hat | < publication |
| Red Hat Enterprise Linux 8 | Red Hat | < be4df018c0be5ebecf1ca510feacc23be415cefc |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | Red Hat | <= 5.10.* |
| Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | Red Hat | n/a |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | Red Hat | < dc4452867200fa94589b382740952b58aa1c3e6c |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | Red Hat | < 1.0.2 |

References (104)