CVE-2023-4194

MEDIUM

Linux Kernel < 6.4 - Incorrect Authorization

Title source: rule
STIX 2.1

Description

A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate.

References (12)

Core 12
Core References
Mailing List, Patch, Vendor Advisory
https://lore.kernel.org/all/[email protected]/
Mailing List, Patch, Vendor Advisory
https://lore.kernel.org/all/[email protected]/
Mailing List, Patch, Vendor Advisory
https://lore.kernel.org/all/[email protected]/
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:6583
Third Party Advisory vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2023-4194
Issue Tracking, Third Party Advisory issue-tracking x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2229498

Scores

CVSS v3 5.5
EPSS 0.0001
EPSS Percentile 0.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-843 CWE-863
Status published
Products (15)
debian/debian_linux 10.0
debian/debian_linux 11.0
debian/debian_linux 12.0
fedoraproject/fedora 37
fedoraproject/fedora 38
linux/linux_kernel 6.5 rc1 (4 CPE variants)
linux/linux_kernel < 6.4
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
... and 5 more
Published Aug 07, 2023
Tracked Since Feb 18, 2026