SARA / Free Tools / CVE / CVE-2023-3812

CVE-2023-3812 — An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP devi

An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on t

CVSS

7.8 HIGH

EPSS

1.00% (top 30.00%)

CWE

CWE-787

Published

2023-07-24T15:19:21.817Z

Last modified

2026-02-26T20:27:31.255Z

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

01What is this vulnerability?

02Affected products

Vendor	Product	Versions
Red Hat	Red Hat Enterprise Linux 8	0:4.18.0-513.9.1.rt7.311.el8_9
Red Hat	Red Hat Enterprise Linux 8	0:4.18.0-513.9.1.el8_9
Red Hat	Red Hat Enterprise Linux 8	unspecified
Red Hat	Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions	unspecified
Red Hat	Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions	0:4.18.0-147.94.1.el8_1
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	0:4.18.0-193.133.1.el8_2
Red Hat	Red Hat Enterprise Linux 8.2 Telecommunications Update Service	0:4.18.0-193.133.1.rt13.184.el8_2
Red Hat	Red Hat Enterprise Linux 8.2 Telecommunications Update Service	0:4.18.0-193.133.1.el8_2
Red Hat	Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions	unspecified
Red Hat	Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions	0:4.18.0-193.133.1.el8_2
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	0:4.18.0-305.120.1.el8_4
Red Hat	Red Hat Enterprise Linux 8.4 Telecommunications Update Service	0:4.18.0-305.120.1.rt7.196.el8_4
Red Hat	Red Hat Enterprise Linux 8.4 Telecommunications Update Service	0:4.18.0-305.120.1.el8_4
Red Hat	Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	0:4.18.0-305.120.1.el8_4
Red Hat	Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	unspecified
Red Hat	Red Hat Enterprise Linux 8.6 Extended Update Support	unspecified
Red Hat	Red Hat Enterprise Linux 8.6 Extended Update Support	0:4.18.0-372.87.1.el8_6
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	unspecified
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	0:4.18.0-477.43.1.el8_8
Red Hat	Red Hat Enterprise Linux 9	0:5.14.0-362.18.1.el9_3
Red Hat	Red Hat Enterprise Linux 9	unspecified
Red Hat	Red Hat Enterprise Linux 9	0:5.14.0-362.18.1.el9_3
Red Hat	Red Hat Enterprise Linux 9.0 Extended Update Support	0:5.14.0-70.80.1.el9_0
Red Hat	Red Hat Enterprise Linux 9.0 Extended Update Support	0:5.14.0-70.80.1.rt21.151.el9_0
Red Hat	Red Hat Enterprise Linux 9.0 Extended Update Support	unspecified
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	0:5.14.0-284.40.1.el9_2
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	0:5.14.0-284.40.1.rt14.325.el9_2
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	unspecified
Red Hat	Red Hat Virtualization 4 for Red Hat Enterprise Linux 8	0:4.18.0-372.87.1.el8_6
Red Hat	Red Hat Enterprise Linux 6	unspecified
Red Hat	Red Hat Enterprise Linux 7	unspecified
Red Hat	Red Hat Enterprise Linux 7	unspecified
Red Hat	Red Hat Enterprise Linux 9	unspecified

03Active exploitation status

Not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. EPSS is the best forward-looking signal — see the EPSS row above.

04Recommended remediation

Patch to a fixed version listed in the vendor advisory (see references below).
Mitigate with WAF rules, network egress filters, or feature flags where the patch is not yet available.
Hunt historical logs for exploitation indicators — see Detection signatures below.

05Technical details

For the full vendor write-up, exploit chains, and reference implementations, see the references list in section 09.

06Detection signatures

Open the Sigma generator with a pre-filled prompt for this CVE to draft a starting detection in your stack of choice:

Open in Sigma generator →

07Related CVEs

No directly-cited follow-up CVEs in the KB record for this advisory. The references list in section 09 carries the vendor cross-references.

08Timeline

Published: 2023-07-24T15:19:21.817Z
Last modified: 2026-02-26T20:27:31.255Z

09References

access.redhat.com — https://access.redhat.com/errata/RHSA-2023:6799
access.redhat.com — https://access.redhat.com/errata/RHSA-2023:6813
access.redhat.com — https://access.redhat.com/errata/RHSA-2023:7370
access.redhat.com — https://access.redhat.com/errata/RHSA-2023:7379
access.redhat.com — https://access.redhat.com/errata/RHSA-2023:7382
access.redhat.com — https://access.redhat.com/errata/RHSA-2023:7389
access.redhat.com — https://access.redhat.com/errata/RHSA-2023:7411
access.redhat.com — https://access.redhat.com/errata/RHSA-2023:7418
access.redhat.com — https://access.redhat.com/errata/RHSA-2023:7548
access.redhat.com — https://access.redhat.com/errata/RHSA-2023:7549
access.redhat.com — https://access.redhat.com/errata/RHSA-2023:7554
access.redhat.com — https://access.redhat.com/errata/RHSA-2024:0340
access.redhat.com — https://access.redhat.com/errata/RHSA-2024:0378
access.redhat.com — https://access.redhat.com/errata/RHSA-2024:0412
access.redhat.com — https://access.redhat.com/errata/RHSA-2024:0461
access.redhat.com — https://access.redhat.com/errata/RHSA-2024:0554
access.redhat.com — https://access.redhat.com/errata/RHSA-2024:0562
access.redhat.com — https://access.redhat.com/errata/RHSA-2024:0563
access.redhat.com — https://access.redhat.com/errata/RHSA-2024:0575
access.redhat.com — https://access.redhat.com/errata/RHSA-2024:0593
access.redhat.com — https://access.redhat.com/errata/RHSA-2024:1961
access.redhat.com — https://access.redhat.com/errata/RHSA-2024:2006
access.redhat.com — https://access.redhat.com/errata/RHSA-2024:2008
access.redhat.com — https://access.redhat.com/security/cve/CVE-2023-3812
bugzilla.redhat.com — https://bugzilla.redhat.com/show_bug.cgi?id=2224048
git.kernel.org — https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=36…

Want this in your SOAR or SIEM?
SARA's API returns EPSS, CVSS, KEV, and an analyst-grade summary in one call.

Read the API reference →

EPSS detail → Search KEV → Ask SARA →