Описание
A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system.
Отчет
Keeping Red Hat Enterprise Linux version 8 with Moderate severity, because required patch 158b515f703e (see reference) missed. However, currently Red Hat Enterprise Linux version 8 not affected, because previous patch not backported too: 766b0515d5be ("net: make sure devices go through netdev_wait_all_refs"). Means that it is not possible to trigger the issue for the Red Hat Enterprise Linux 8, but potentially Red Hat Enterprise Linux version 8 could be vulnerable in future, so still need to fix. For the Red Hat Enterprise Linux version 9 there is known way to reproduce the issue.
Меры по смягчению последствий
To mitigate this issue, prevent the tun module from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | ||
| Red Hat Virtualization 4 | redhat-virtualization-host | Affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2023:6901 | 14.11.2023 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2023:7077 | 14.11.2023 |
| Red Hat Enterprise Linux 8.8 Extended Update Support | kernel | Fixed | RHSA-2024:1404 | 19.03.2024 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2023:1470 | 27.03.2023 |
| Red Hat Enterprise Linux 9 | kernel-rt | Fixed | RHSA-2023:1469 | 27.03.2023 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2023:1470 | 27.03.2023 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.8 High
CVSS3
Связанные уязвимости
A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system.
A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system.
A double-free flaw was found in the Linux kernel\u2019s TUN/TAP device ...
A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system.
Уязвимость функции tun_free_netdev() виртуальных сетевых драйверов TUN/TAP ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
EPSS
7.8 High
CVSS3