CVE-2023-3812

7.8 HIGH

📋 TL;DR

This vulnerability allows a local user to trigger an out-of-bounds memory access in the Linux kernel's TUN/TAP device driver by sending malicious oversized network packets when napi frags is enabled. This can lead to system crashes or potential privilege escalation. Only systems with TUN/TAP devices configured and napi frags enabled are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific versions vary by distribution; generally affects kernels before fixes in late 2023.
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Requires TUN/TAP device configuration and napi frags enabled; not all systems have this enabled by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Local privilege escalation to root, allowing complete system compromise.

🟠 Likely Case: Kernel panic leading to system crash and denial of service.

🟢 If Mitigated: Minimal impact if TUN/TAP devices are not used or napi frags is disabled.

🌐 Internet-Facing: LOW - Requires local access to exploit.
🏢 Internal Only: MEDIUM - Local users or compromised accounts could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and specific configuration; no public exploits known as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisories for specific patched kernel versions (e.g., Red Hat kernels in RHSA-2023:6799 and others).

Vendor Advisory: https://access.redhat.com/errata/RHSA-2023:6799

Restart Required: Yes

Instructions:

1. Update kernel package using your distribution's package manager (e.g., 'yum update kernel' for RHEL).
2. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

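Disable napi frags for TUN/TAP

Prevents the vulnerability by disabling the affected feature.

echo 0 > /sys/module/tun/parameters/napi_frags

In the upstream tun driver, napi frags is a per-interface flag (IFF_NAPI_FRAGS) requested when the device is created, so this module parameter may not be present on your kernel. If the file does not exist, the write fails and nothing is changed; in that case rely on patching and on the access restrictions below.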

🧯 If You Can't Patch

  • Restrict local user access to systems with TUN/TAP devices.
  • Monitor for unusual kernel crashes or privilege escalation attempts.

🔍 How to Verify

Check if Vulnerable:

Check kernel version against vendor advisories; if using a vulnerable version and TUN/TAP with napi frags enabled, system is at risk.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version after update matches patched versions listed in vendor advisories.
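
The "TUN/TAP with napi frags enabled" condition above can be checked per interface. The script below is an added example, not part of the advisory or of any vendor tooling; it assumes the tun driver exposes each device's flags as a hex value in /sys/class/net/<ifname>/tun_flags and that the IFF_NAPI_FRAGS bit (0x0020 in if_tun.h) is reported there. The function name and the optional sysfs-root argument are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): report which TUN/TAP interfaces
# have napi frags enabled, using the per-device flags the tun driver exposes.
# Assumption: flags are readable as hex in <sysfs>/class/net/<if>/tun_flags
# and the running kernel includes the NAPI bits in that value.

IFF_NAPI_FRAGS=0x0020   # bit value from include/uapi/linux/if_tun.h

# napi_frags_devices [SYSFS_ROOT]
# Prints "<ifname> <flags> napi_frags=on|off" for every TUN/TAP interface.
# Returns 0 if at least one interface has napi frags on, 1 otherwise.
napi_frags_devices() {
    root="${1:-/sys}"
    found=1
    for f in "$root"/class/net/*/tun_flags; do
        [ -r "$f" ] || continue              # unmatched glob or unreadable
        ifname=$(basename "$(dirname "$f")")
        flags=$(cat "$f")
        case "$flags" in                     # accept only a plain hex value
            0x|0x*[!0-9a-fA-F]*) continue ;;
            0x*) ;;
            *) continue ;;
        esac
        if [ $(( $flags & $IFF_NAPI_FRAGS )) -ne 0 ]; then
            echo "$ifname $flags napi_frags=on"
            found=0
        else
            echo "$ifname $flags napi_frags=off"
        fi
    done
    return "$found"
}

# Scan the live system (or the sysfs root given as the first argument).
napi_frags_devices "$@" || echo "no TUN/TAP interface has napi frags enabled"
```

An interface reported as on matters only when the running kernel is also unpatched, so read the result together with the version check above.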

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs in /var/log/messages or journalctl
  • Unexpected system reboots

Network Indicators:

  • Unusual local network activity involving TUN/TAP interfaces

SIEM Query:

Example: search for 'kernel panic' or 'oops' in system logs within a short time window.
