HomeFreeBSD

netmap: Fix integer overflow in nmreq_copyin

Description

netmap: Fix integer overflow in nmreq_copyin

An unsanitized field in an option could be abused, causing an integer
overflow followed by kernel memory corruption. This might be used
to escape jails/containers.

Reported by: Reno Robert and Lucas Leong (@_wmliang_) of Trend Micro
Zero Day Initiative
Security: CVE-2022-23085

(cherry picked from commit 694ea59c7021c25417e6d516362d2f59b4e2c343)
(cherry picked from commit 95602165e33a3045a27245cc1e61e67bf4feeed1)

Approved by: so
Security: FreeBSD-SA-22:04.netmap

Details

Provenance
vmaffioneAuthored on Apr 5 2022, 11:19 PM
emasteCommitted on Apr 5 2022, 11:19 PM
Parents
rG862f4476aeb0: Add UPDATING entries and bump version.
Branches
Unknown
Tags
Unknown