ACK: [SRU Focal, Jammy, HWE-5.19, OEM-6.0, Lunar 0/2] CVE-2023-4194
Roxana Nicolescu
roxana.nicolescu at canonical.com
Thu Aug 24 11:18:02 UTC 2023
On 24/08/2023 13:08, Cengiz Can wrote:
> [Impact]
> A flaw was found in the Linux kernel’s TUN/TAP functionality. This issue could
> allow a local user to bypass network filters and gain unauthorized access to
> some resources. The original patches fixing CVE-2023-1076 are incorrect or
> incomplete. The problem is that the following upstream commits - a096ccca6e50
> (“tun: tun_chr_open(): correctly initialize socket uid”), - 66b2c338adce
> (“tap: tap_open(): correctly initialize socket uid”), pass “inode->i_uid” to
> sock_init_data_uid() as the last parameter and that turns out to not be
> accurate.
>
> [Fix]
> Cherry picked from upstream.
>
> [Test case]
> Compile, boot and tunctl basic functionality tested.
>
> [Potential regression]
> TUN/TAP users might be affected. However very unlikely.
>
> Laszlo Ersek (2):
> net: tun_chr_open(): set sk_uid from current_fsuid()
> net: tap_open(): set sk_uid from current_fsuid()
>
> drivers/net/tap.c | 2 +-
> drivers/net/tun.c | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
Acked-by: Roxana Nicolescu <roxana.nicolescu at canonical.com>
More information about the kernel-team
mailing list