The original patches fixing CVE-2023-1076 are incorrect in my opinion. This small series fixes them up; see the individual commit messages for explanation. I have a very elaborate test procedure demonstrating the problem for both tun and tap; it involves libvirt, qemu, and "crash". I can share that procedure if necessary, but it's indeed quite long (I wrote it originally for our QE team). The patches in this series are supposed to "re-fix" CVE-2023-1076; given that said CVE is classified as Low Impact (CVSSv3=5.5), I'm posting this publicly, and not suggesting any embargo. Red Hat Product Security may assign a new CVE number later. I've tested the patches on top of v6.5-rc4, with "crash" built at commit c74f375e0ef7. Cc: Eric Dumazet <edumazet@xxxxxxxxxx> Cc: Lorenzo Colitti <lorenzo@xxxxxxxxxx> Cc: Paolo Abeni <pabeni@xxxxxxxxxx> Cc: Pietro Borrello <borrello@xxxxxxxxxxxxxxxx> Cc: netdev@xxxxxxxxxxxxxxx Cc: stable@xxxxxxxxxxxxxxx Laszlo Ersek (2): net: tun_chr_open(): set sk_uid from current_fsuid() net: tap_open(): set sk_uid from current_fsuid() drivers/net/tap.c | 2 +- drivers/net/tun.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) base-commit: 5d0c230f1de8c7515b6567d9afba1f196fb4e2f4
