The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption.
On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment.
Metrics
Affected Vendors & Products
References
History
Thu, 29 Aug 2024 21:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-367 | |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: freebsd
Published: 2024-02-15T04:52:09.645Z
Updated: 2024-08-29T18:48:40.014Z
Reserved: 2022-01-10T22:07:46.040Z
Link: CVE-2022-23084
Vulnrichment
Updated: 2024-08-03T03:28:43.503Z
NVD
Status : Awaiting Analysis
Published: 2024-02-15T05:15:08.833
Modified: 2024-08-29T20:35:05.553
Link: CVE-2022-23084
Redhat
No data.