Back to bug 2229498
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Alex | 2023-08-06 14:12:03 UTC | Depends On | 2229499 | |
| Alex | 2023-08-06 15:01:43 UTC | Depends On | 2229507, 2229505, 2229508, 2229506 | |
| Alex | 2023-08-06 15:04:23 UTC | Fixed In Version | kernel 6.5-rc5 | |
| Alex | 2023-08-06 15:06:07 UTC | Summary | kernel: tap: tap_open(): correctly initialize socket uid next fix of i_uid to current_fsuid | CVE-2023-4194 kernel: tap: tap_open(): correctly initialize socket uid next fix of i_uid to current_fsuid |
| Alias | CVE-2023-4194 | |||
| RaTasha Tillery-Smith | 2023-08-07 13:07:32 UTC | Doc Text | A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and get unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to be entirely bogus. | A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate. |
| Laszlo Ersek | 2023-08-07 14:30:47 UTC | CC | lersek | |
| Doc Type | --- | If docs needed, set a value |
Back to bug 2229498