CVE-2023-3812

2023-07-2400:00:00

ubuntu.com

cve-2023-3812

networking packet

napi frags

local user

system crash

privilege escalation

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

17.6%

JSON

An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP
device driver functionality in how a user generates a malicious (too big)
networking packet when napi frags is enabled. This flaw allows a local user
to crash or potentially escalate their privileges on the system.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< anyUNKNOWN
ubuntu20.04noarchlinux< 5.4.0-139.156UNKNOWN
ubuntu22.04noarchlinux< 5.15.0-60.66UNKNOWN
ubuntu18.04noarchlinux-aws< anyUNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1096.104UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1030.34UNKNOWN
ubuntu20.04noarchlinux-aws-5.15< 5.15.0-1030.34~20.04.1UNKNOWN
ubuntu18.04noarchlinux-aws-5.4< anyUNKNOWN
ubuntu16.04noarchlinux-aws-hwe< 4.15.0-1151.164~16.04.1UNKNOWN
ubuntu20.04noarchlinux-azure< 5.4.0-1103.109UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	linux	< any	UNKNOWN
ubuntu	20.04	noarch	linux	< 5.4.0-139.156	UNKNOWN
ubuntu	22.04	noarch	linux	< 5.15.0-60.66	UNKNOWN
ubuntu	18.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< 5.4.0-1096.104	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< 5.15.0-1030.34	UNKNOWN
ubuntu	20.04	noarch	linux-aws-5.15	< 5.15.0-1030.34~20.04.1	UNKNOWN
ubuntu	18.04	noarch	linux-aws-5.4	< any	UNKNOWN
ubuntu	16.04	noarch	linux-aws-hwe	< 4.15.0-1151.164~16.04.1	UNKNOWN
ubuntu	20.04	noarch	linux-azure	< 5.4.0-1103.109	UNKNOWN