HomeFreeBSD

netmap: Fix TOCTOU vulnerability in nmreq_copyin

Description

netmap: Fix TOCTOU vulnerability in nmreq_copyin

The total size of the user-provided nmreq was first computed and then
trusted during the copyin. This might lead to kernel memory corruption
and escape from jails/containers.

Reported by: Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative
Security: CVE-2022-23084
MFC after: 3 days

(cherry picked from commit 393729916564ed13f966e09129a24e6931898d12)
(cherry picked from commit 9f600a260a738d87015b2e9722b7b4f228cbd47d)

Approved by: so
Security: FreeBSD-SA-22:04.netmap

Details

Provenance
vmaffioneAuthored on Apr 5 2022, 11:26 PM
emasteCommitted on Apr 5 2022, 11:26 PM
Parents
rG00ca345e83ad: netmap: Fix integer overflow in nmreq_copyin
Branches
Unknown
Tags
Unknown