AZL-76428 CVE-2023-53685 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: tun: Fix memory leak for detached NAPI queue. syzkaller reported 0 memory leaks of sk and skb related to the TUN device with no repro, but we can reproduce it easily with: struct ifreq ifr = int fdtun, fdtmp; char buf4 = ; fdtun ...

kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags

An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious too big networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system...

The vulnerability of the tun_napi_alloc_frags() function in the drivers/net/tun.c module of the Linux TUN/TAP driver allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information, or to enhance their privileges.

The vulnerability of the tunnapiallocfrags function in the drivers/net/tun.c module of the Linux TUN/TAP driver is related to the lack of control over the boundaries of the allocated buffer. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...

The vulnerability of the dev_get_valid_name function in the TUN subsystem of the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the devgetvalidname function in the TUN subsystem of the Linux operating system is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...

DEBIAN-CVE-2018-7191

In the tun subsystem in the Linux kernel before 4.13.14, devgetvalidname is not called before registernetdevice. This allows local users to cause a denial of service NULL pointer dereference and panic via an ioctlTUNSETIFF call with a dev name containing a / character. This is similar to...