CVE-2023-4194 — Type Confusion in Kernel

CWE-843 — Type Confusion CWE-863 — Incorrect Authorization CWE-1188 — Initialization of a Resource with an Insecure Default28 documents10 sources

Severity

5.5MEDIUMNVD

OSV7.0OSV5.7OSV4.7OSV4.1

EPSS

0.0%

top 99.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Fedoraproject Fedora +1 more

Timeline

PublishedAug 7

Latest updateFeb 15

Description

A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last paramete…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶Debianlinux/linux_kernel< 5.10.191-1+3

▶Ubuntulinux/linux_kernel< 5.4.0-164.181+1

▶NVDlinux/linux_kernel6.4+1

Also affects: Debian Linux 10.0, 11.0, 12.0, Enterprise Linux 8.0, 9.0, Fedora 37, 38

Patches

Patch: lore.kernel.org ↗Patch: lore.kernel.org ↗Patch: lore.kernel.org ↗

🔴Vulnerability Details

OSV

linux-nvidia-6.2 vulnerabilities↗2023-10-31

▶

OSV

linux-intel-iotg-5.15 vulnerabilities↗2023-10-24

▶

OSV

linux-raspi vulnerabilities↗2023-10-19

▶

OSV

linux-intel-iotg vulnerabilities↗2023-10-19

▶

OSV

linux-hwe-5.15, linux-oracle-5.15 vulnerabilities↗2023-10-06

▶

📋Vendor Advisories

CISA ICS

Siemens SCALANCE XCM-/XRM-300↗2024-02-15

▶

Ubuntu

Linux kernel (NVIDIA) vulnerabilities↗2023-10-31

▶

Ubuntu

Linux kernel (Raspberry Pi) vulnerabilities↗2023-10-19

▶

Ubuntu

Linux kernel (Intel IoTG) vulnerabilities↗2023-10-19

▶

Ubuntu

Linux kernel vulnerabilities↗2023-10-06

▶

💬Community

Bugzilla

CVE-2023-4194 kernel: tap: tap_open(): correctly initialize socket uid next fix of i_uid to current_fsuid↗2023-08-06

▶