Local exploit: Linux kernel TUN/TAP UID init flaw bypassing network filters.
CVE-2023-4194 Published on August 7, 2023
Kernel: tap: tap_open(): correctly initialize socket uid next fix of i_uid to current_fsuid
A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate.
Vulnerability Analysis
CVE-2023-4194 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Timeline
Reported to Red Hat.
Made public.
Weakness Type
Insecure Default Initialization of Resource
The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.
Products Associated with CVE-2023-4194
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-4194 are published in these products:
Affected Versions
Red Hat Enterprise Linux 9:- Version 0:5.14.0-362.8.1.el9_3 and below * is unaffected.
- Version 0:5.14.0-362.8.1.el9_3 and below * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.