← Back

CVE-2022-23085

nvd nist
Published: Feb 15, 2024Modified: Dec 9, 2024

JSON object

Loading...
8.2
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Exploitability: 1.5 / Impact: 6.0
Source: NVD

Description

A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment.

Affected (28)

Products: Freebsd: Freebsd
Freebsd
1 product
Freebsd
Configuration A
28 vulnerable
Vulnerable SoftwareAffected Versions
Freebsd
Freebsd
From 12.0 to 12.3
Freebsd
Version 12.3
Freebsd
Version 12.3 p1
Freebsd
Version 12.3 p2
Freebsd
Version 12.3 p3
Freebsd
Version 12.3 p4
Freebsd
Version 13.0
Freebsd
Version 13.0 beta1
Freebsd
Version 13.0 beta2
Freebsd
Version 13.0 beta3-p1
Freebsd
Version 13.0 beta3
Freebsd
Version 13.0 beta4
Freebsd
Version 13.0 p10
Freebsd
Version 13.0 p1
Freebsd
Version 13.0 p2
Freebsd
Version 13.0 p3
Freebsd
Version 13.0 p4
Freebsd
Version 13.0 p5
Freebsd
Version 13.0 p6
Freebsd
Version 13.0 p7
Freebsd
Version 13.0 p8
Freebsd
Version 13.0 p9
Freebsd
Version 13.0 rc1
Freebsd
Version 13.0 rc2
Freebsd
Version 13.0 rc3
Freebsd
Version 13.0 rc4
Freebsd
Version 13.0 rc5-p1
Freebsd
Version 13.0 rc5

Related CWEs

CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (4)

Source: secteam@freebsd.org
Vendor Advisory
Source: secteam@freebsd.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.