CVE-2023-1076

tap: tap_open(): correctly initialize socket uid

References

Notes

 carnil> Commit fixes 86741ec25462 ("net: core: Add a UID field to struct sock.").
 carnil> Initial commits to address CVE-2023-1076 were incorrect
 carnil> resulting in CVE-2023-4194.

Bugs

Status

Branch Status
4.19-buster-security needed
4.19-upstream-stable needed
5.10-bullseye-security released (5.10.178-1)
5.10-upstream-stable released (5.10.173) [4a9272a864cbf6dacc3f4b35213108dd01691d31, 9a31af61f397500ccae49d56d809b2217d1e2178]
6.1-bookworm-security N/A "Fixed before branch point"
6.1-upstream-stable released (6.1.16) [035a80733ec47ed81aa159e16e56d2de106d3335, b4ada752eaf1341f47bfa3d8ada377eca75a8d44]
6.6-upstream-stable unknown
6.8-upstream-stable unknown
sid released (6.1.20-1)
upstream released (6.3-rc1) [66b2c338adce580dfce2199591e65e2bab889cff, a096ccca6e503a5c575717ff8a36ace27510ab0a]