What the vulnerability does

01Description

A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system.

Key dates

02Disclosure timeline

March 30, 2023 CVE published
February 14, 2025 Record updated