Diffusion FreeBSD src repository 694ea59c7021

netmap: Fix integer overflow in nmreq_copyin
694ea59c7021
Actions

Description

netmap: Fix integer overflow in nmreq_copyin

An unsanitized field in an option could be abused, causing an integer
overflow followed by kernel memory corruption. This might be used
to escape jails/containers.

Reported by: Reno Robert and Lucas Leong (@_wmliang_) of Trend Micro
Zero Day Initiative
Security: CVE-2022-23085

Details

Provenance

vmaffione

Authored on Mar 16 2022, 6:57 AM

Parents

rGadbf7727b3a2: virtio_random(8): avoid deadlock at shutdown time

Branches

Unknown

Tags

Unknown

Event Timeline

vmaffione committed rG694ea59c7021: netmap: Fix integer overflow in nmreq_copyin (authored by vmaffione).Mar 16 2022, 6:57 AM

vmaffione mentioned this in rG9df8dd3ea36c: netmap: Fix integer overflow in nmreq_copyin.Mar 19 2022, 5:53 PM

vmaffione mentioned this in rG95602165e33a: netmap: Fix integer overflow in nmreq_copyin.

vmaffione mentioned this in rG606f528decc3: netmap: Fix integer overflow in nmreq_copyin.Mar 20 2022, 9:03 AM

emaste mentioned this in rG00ca345e83ad: netmap: Fix integer overflow in nmreq_copyin.Apr 6 2022, 3:05 AM

emaste mentioned this in rG0d1f1dc951c6: netmap: Fix integer overflow in nmreq_copyin.Apr 6 2022, 3:07 AM

emaste mentioned this in rG9d354cf6e141: netmap: Fix integer overflow in nmreq_copyin.Apr 6 2022, 3:26 AM

Changes (1)

Path

Size

sys/

dev/

netmap/

netmap.c

rG694ea59c7021

View Options