Diffusion FreeBSD src repository 393729916564

netmap: Fix TOCTOU vulnerability in nmreq_copyin
393729916564
Actions

Description

netmap: Fix TOCTOU vulnerability in nmreq_copyin

The total size of the user-provided nmreq was first computed and then
trusted during the copyin. This might lead to kernel memory corruption
and escape from jails/containers.

Reported by: Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative
Security: CVE-2022-23084
MFC after: 3 days

Details

Provenance

vmaffione

Authored on Mar 16 2022, 6:58 AM

Parents

rG694ea59c7021: netmap: Fix integer overflow in nmreq_copyin

Branches

Unknown

Tags

Unknown

Event Timeline

vmaffione committed rG393729916564: netmap: Fix TOCTOU vulnerability in nmreq_copyin (authored by vmaffione).Mar 16 2022, 6:58 AM

vmaffione mentioned this in rG9f600a260a73: netmap: Fix TOCTOU vulnerability in nmreq_copyin.Mar 19 2022, 5:53 PM

vmaffione mentioned this in rG6fa8af618475: netmap: Fix TOCTOU vulnerability in nmreq_copyin.

vmaffione mentioned this in rG725c70d8153f: netmap: Fix TOCTOU vulnerability in nmreq_copyin.Mar 30 2022, 10:09 PM

emaste mentioned this in rG4996f46e03a4: netmap: Fix TOCTOU vulnerability in nmreq_copyin.Apr 6 2022, 3:05 AM

emaste mentioned this in rG5e67ca45e9a3: netmap: Fix TOCTOU vulnerability in nmreq_copyin.

emaste mentioned this in rG7c55c52696d2: netmap: Fix TOCTOU vulnerability in nmreq_copyin.Apr 6 2022, 3:26 AM

Changes (1)

Path

Size

sys/

dev/

netmap/

netmap.c

rG393729916564

View Options