Diffusion FreeBSD src repository 9f600a260a73

netmap: Fix TOCTOU vulnerability in nmreq_copyin
9f600a260a73
Actions

Description

netmap: Fix TOCTOU vulnerability in nmreq_copyin

The total size of the user-provided nmreq was first computed and then
trusted during the copyin. This might lead to kernel memory corruption
and escape from jails/containers.

Reported by: Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative
Security: CVE-2022-23084
MFC after: 3 days

(cherry picked from commit 393729916564ed13f966e09129a24e6931898d12)

Details

Provenance

vmaffione

Authored on Mar 16 2022, 6:58 AM

Parents

rG9df8dd3ea36c: netmap: Fix integer overflow in nmreq_copyin

Branches

Unknown

Tags

Unknown

Event Timeline

vmaffione committed rG9f600a260a73: netmap: Fix TOCTOU vulnerability in nmreq_copyin (authored by vmaffione).Mar 19 2022, 5:36 PM

emaste mentioned this in rG4996f46e03a4: netmap: Fix TOCTOU vulnerability in nmreq_copyin.Apr 6 2022, 3:05 AM

emaste mentioned this in rG7c55c52696d2: netmap: Fix TOCTOU vulnerability in nmreq_copyin.Apr 6 2022, 3:26 AM

Changes (1)

Path

Size

sys/

dev/

netmap/

netmap.c

rG9f600a260a73

View Options