[SRU Focal, Jammy, HWE-5.19, OEM-6.0, Lunar 0/2] CVE-2023-4194
Cengiz Can
cengiz.can at canonical.com
Thu Aug 24 11:08:18 UTC 2023
[Impact]
A flaw was found in the Linux kernel’s TUN/TAP functionality. This issue could
allow a local user to bypass network filters and gain unauthorized access to
some resources. The original patches fixing CVE-2023-1076 are incorrect or
incomplete. The problem is that the following upstream commits

- a096ccca6e50 (“tun: tun_chr_open(): correctly initialize socket uid”),
- 66b2c338adce (“tap: tap_open(): correctly initialize socket uid”),

pass “inode->i_uid” to sock_init_data_uid() as the last parameter and that
turns out to not be accurate.
[Fix]
Cherry picked from upstream.
[Test case]
Compile, boot and tunctl basic functionality tested.
[Potential regression]
TUN/TAP users might be affected; however, this is very unlikely.
Laszlo Ersek (2):
  net: tun_chr_open(): set sk_uid from current_fsuid()
  net: tap_open(): set sk_uid from current_fsuid()

 drivers/net/tap.c | 2 +-
 drivers/net/tun.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
--
2.39.2
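
The following check is an added example, not part of this mail or of the kernel tree: it reports, for a checked-out kernel source tree, whether the sock_init_data_uid() calls in drivers/net/tun.c and drivers/net/tap.c still pass inode->i_uid or already pass current_fsuid(). The function names check_sk_uid, check_tree and make_sample_tree are hypothetical, and the sample source lines are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: classify how the TUN/TAP open paths initialise sk_uid.

check_sk_uid() {  # $1 = path to a driver source file
    f=$1
    [ -r "$f" ] || { echo "missing"; return; }
    # Join lines first so a call wrapped over two lines still matches.
    calls=$(tr '\n' ' ' < "$f" | grep -o 'sock_init_data_uid([^;]*;' || true)
    case $calls in
        *'inode->i_uid'*)    echo "unfixed" ;;  # device node owner used as sk_uid
        *'current_fsuid()'*) echo "fixed" ;;    # opener's fsuid used as sk_uid
        *)                   echo "unknown" ;;  # no sock_init_data_uid() call found
    esac
}

check_tree() {  # $1 = kernel source tree root; non-zero status unless both files are fixed
    rc=0
    for rel in drivers/net/tun.c drivers/net/tap.c; do
        state=$(check_sk_uid "$1/$rel")
        echo "$rel: $state"
        [ "$state" = fixed ] || rc=1
    done
    return $rc
}

# Constructed sample tree: tun.c carries the fix (call wrapped over two
# lines), tap.c still passes inode->i_uid.
make_sample_tree() {
    d=$(mktemp -d) && mkdir -p "$d/drivers/net"
    printf '%s\n' '	sock_init_data_uid(&tfile->socket, &tfile->sk,' \
                  '			   current_fsuid());' > "$d/drivers/net/tun.c"
    printf '%s\n' '	sock_init_data_uid(&q->sock, &q->sk, inode->i_uid);' \
        > "$d/drivers/net/tap.c"
    echo "$d"
}

demo=$(make_sample_tree)
check_tree "$demo" || echo "tree is missing part of the CVE-2023-4194 fix"
rm -rf "$demo"
```

Point check_tree at the root of the tree being backported to run the same check on real sources.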