PT-2023-4324 · Linux+6 · Linux Kernel+6
Alex
+1
·
Published
2023-08-02
·
Updated
2024-11-21
·
CVE-2023-4194
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A flaw was found in the Linux kernel's TUN/TAP functionality, which could allow a local user to bypass network filters and gain unauthorized access to some resources. The issue is related to the incorrect initialization of the socket UID in the
tun chr open() and tap open() functions. This could potentially allow an attacker to impact data integrity or elevate their privileges.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Incorrect Authorization
Type Confusion
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu