Diffusion FreeBSD src repository 9df8dd3ea36c

netmap: Fix integer overflow in nmreq_copyin
9df8dd3ea36c
Actions

Description

netmap: Fix integer overflow in nmreq_copyin

An unsanitized field in an option could be abused, causing an integer
overflow followed by kernel memory corruption. This might be used
to escape jails/containers.

Reported by: Reno Robert and Lucas Leong (@_wmliang_) of Trend Micro
Zero Day Initiative
Security: CVE-2022-23085

(cherry picked from commit 694ea59c7021c25417e6d516362d2f59b4e2c343)

Details

Provenance

vmaffione

Authored on Mar 16 2022, 6:57 AM

Parents

rGeeec49e0b30a: devd: correct wifi regexp

Branches

Unknown

Tags

Unknown

Event Timeline

vmaffione committed rG9df8dd3ea36c: netmap: Fix integer overflow in nmreq_copyin (authored by vmaffione).Mar 19 2022, 5:36 PM

emaste mentioned this in rG00ca345e83ad: netmap: Fix integer overflow in nmreq_copyin.Apr 6 2022, 3:05 AM

emaste mentioned this in rG9d354cf6e141: netmap: Fix integer overflow in nmreq_copyin.Apr 6 2022, 3:26 AM

Changes (1)

Path

Size

sys/

dev/

netmap/

netmap.c

rG9df8dd3ea36c

View Options