Описание
An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Меры по смягчению последствий
To mitigate this issue, prevent the tun module from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2023:7548 | 28.11.2023 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2023:7549 | 28.11.2023 |
| Red Hat Enterprise Linux 8 | kpatch-patch | Fixed | RHSA-2023:7554 | 28.11.2023 |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | kpatch-patch | Fixed | RHSA-2023:6799 | 08.11.2023 |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | kernel | Fixed | RHSA-2023:6813 | 08.11.2023 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | kernel | Fixed | RHSA-2024:2006 | 23.04.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.8 High
CVSS3
Связанные уязвимости
An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.
An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.
An out-of-bounds memory access flaw was found in the Linux kernel\u201 ...
An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.
EPSS
7.8 High
CVSS3