CVE-2023-1076
Summary
| CVE | CVE-2023-1076 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2023-03-27 21:15:00 UTC |
|---|
| Updated | 2023-05-03 01:15:00 UTC |
|---|
| Description | A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability. This would make tun/tap sockets being incorrectly treated in filtering/routing decisions, possibly bypassing network filters. |
|---|
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|
| Operating System |
Linux |
Linux Kernel |
- |
All |
All |
All |
References
| Reference | Source | Link | Tags |
|---|
| [SECURITY] [DLA 3404-1] linux-5.10 security update |
MLIST |
lists.debian.org |
|
| kernel/git/next/linux-next.git - The linux-next integration testing tree |
MISC |
git.kernel.org |
|
| kernel/git/next/linux-next.git - The linux-next integration testing tree |
MISC |
git.kernel.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 161066 Oracle Enterprise Linux Security Update for kernel (ELSA-2023-6583)
- 181765 Debian Security Update for linux-5.10 (DLA 3404-1)
- 184581 Debian Security Update for linux (CVE-2023-1076)
- 199298 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-6033-1)
- 199424 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6172-1)
- 199425 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6171-1)
- 199438 Ubuntu Security Notification for Linux kernel (IBM) Vulnerabilities (USN-6187-1)
- 199439 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6185-1)
- 199451 Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-6207-1)
- 199463 Ubuntu Security Notification for Linux kernel (Azure CVM) Vulnerabilities (USN-6223-1)
- 199465 Ubuntu Security Notification for Linux kernel (Xilinx ZynqMP) Vulnerabilities (USN-6222-1)
- 199614 Ubuntu Security Notification for Linux kernel (IoT) Vulnerabilities (USN-6256-1)
- 199764 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-6385-1)
- 242399 Red Hat Update for kernel security (RHSA-2023:6583)
- 378468 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-20230042)
- 378512 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2023:0042)
- 378701 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2023:0030)
- 378710 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2023:0079)
- 672981 EulerOS Security Update for kernel (EulerOS-SA-2023-1848)
- 673005 EulerOS Security Update for kernel (EulerOS-SA-2023-1873)
- 673017 EulerOS Security Update for kernel (EulerOS-SA-2023-1978)
- 673047 EulerOS Security Update for kernel (EulerOS-SA-2023-1956)
- 673074 EulerOS Security Update for kernel (EulerOS-SA-2023-2193)
- 673121 EulerOS Security Update for kernel (EulerOS-SA-2023-2296)
- 673157 EulerOS Security Update for kernel (EulerOS-SA-2023-2272)
- 753901 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:1803-1)
- 753902 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:1800-1)
- 753903 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:1801-1)
- 753905 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:1811-1)
- 753914 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:1848-1)
- 754023 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2232-1)
- 755851 SUSE Enterprise Linux Security Update for the linux kernel (SUSE-SU-2023:2646-1)
