Home > Vulnerability Database > CVE-2023-3812

Mend.io Vulnerability Database

CVE-2023-3812

Good to know:

Date: July 24, 2023

An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Language: C

Severity Score

5.9

Related Resources (28)

Url: https://access.redhat.com/errata/RHSA-2023:7549

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-3812

Url: https://access.redhat.com/errata/RHSA-2023:6813

Url: https://access.redhat.com/errata/RHSA-2023:6799

Url: https://access.redhat.com/errata/RHSA-2023:7548

Url: https://access.redhat.com/errata/RHSA-2024:0340

Url: https://access.redhat.com/errata/RHSA-2024:0461

Url: https://access.redhat.com/errata/RHSA-2023:7370

Url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=363a5328f4b0

Url: https://access.redhat.com/errata/RHSA-2023:7411

Url: https://access.redhat.com/errata/RHSA-2023:7554

Url: https://access.redhat.com/errata/RHSA-2023:7379

Url: https://access.redhat.com/errata/RHSA-2024:1961

Url: https://access.redhat.com/errata/RHSA-2024:0575

Url: https://access.redhat.com/errata/RHSA-2024:0378

Url: https://access.redhat.com/errata/RHSA-2024:0554

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2224048

Url: https://access.redhat.com/errata/RHSA-2024:0412

Url: https://access.redhat.com/errata/RHSA-2023:7418

Url: https://access.redhat.com/errata/RHSA-2024:0593

Url: https://access.redhat.com/errata/RHSA-2023:7382

Url: https://access.redhat.com/security/cve/CVE-2023-3812

Url: https://access.redhat.com/errata/RHSA-2023:7389

Url: https://access.redhat.com/errata/RHSA-2024:0562

Url: https://access.redhat.com/errata/RHSA-2024:0563

Url: https://access.redhat.com/errata/RHSA-2024:2006

Url: https://access.redhat.com/errata/RHSA-2024:2008

Url: https://www.mend.io/vulnerability-database/CVE-2023-3812

Severity Score

5.9

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

Use After Free

CWE-416

Top Fix

Upgrade Version

Upgrade to version v4.19.265,v5.4.224,v5.10.154,v5.15.78,v6.0.8,v6.1-rc4

Learn More

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-3812

Good to know:

Date: July 24, 2023

Language: C

Severity Score

Related Resources (28)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?