ACK: [SRU Focal, Jammy, HWE-5.19, OEM-6.0, Lunar 0/2] CVE-2023-4194

Roxana Nicolescu roxana.nicolescu at canonical.com
Thu Aug 24 11:18:02 UTC 2023


On 24/08/2023 13:08, Cengiz Can wrote:
> [Impact]
> A flaw was found in the Linux kernel’s TUN/TAP functionality. This issue could
> allow a local user to bypass network filters and gain unauthorized access to
> some resources. The original patches fixing CVE-2023-1076 are incorrect or
> incomplete. The problem is that the following upstream commits - a096ccca6e50
> (“tun: tun_chr_open(): correctly initialize socket uid”), - 66b2c338adce
> (“tap: tap_open(): correctly initialize socket uid”), pass “inode->i_uid” to
> sock_init_data_uid() as the last parameter and that turns out to not be
> accurate.
>
> [Fix]
> Cherry picked from upstream.
>
> [Test case]
> Compile, boot and tunctl basic functionality tested.
>
> [Potential regression]
> TUN/TAP users might be affected. However very unlikely.
>
> Laszlo Ersek (2):
>    net: tun_chr_open(): set sk_uid from current_fsuid()
>    net: tap_open(): set sk_uid from current_fsuid()
>
>   drivers/net/tap.c | 2 +-
>   drivers/net/tun.c | 2 +-
>   2 files changed, 2 insertions(+), 2 deletions(-)
>
Acked-by: Roxana Nicolescu <roxana.nicolescu at canonical.com>



More information about the kernel-team mailing list