Kernel: tap: tap_open(): correctly initialize socket uid next fix of i_uid to current_fsuid
CVE-2023-4194

5.5 MEDIUM

Key Information:

Summary

A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits:

- a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid")
- 66b2c338adce ("tap: tap_open(): correctly initialize socket uid")

pass "inode->i_uid" to sock_init_data_uid() as the last parameter, and that turns out to not be accurate.

Affected Version(s)

Red Hat Enterprise Linux 9 0:5.14.0-362.8.1.el9_3

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This issue was discovered by Laszlo Ersek (Red Hat).