HomeFreeBSD

netmap: Fix integer overflow in nmreq_copyin

Description

netmap: Fix integer overflow in nmreq_copyin

An unsanitized field in an option could be abused, causing an integer
overflow followed by kernel memory corruption. This might be used
to escape jails/containers.

Reported by: Reno Robert and Lucas Leong (@_wmliang_) of Trend Micro
Zero Day Initiative
Security: CVE-2022-23085

(cherry picked from commit 694ea59c7021c25417e6d516362d2f59b4e2c343)

Details

Provenance
vmaffioneAuthored on Mar 16 2022, 6:57 AM
Parents
rGeeec49e0b30a: devd: correct wifi regexp
Branches
Unknown
Tags
Unknown