Lucene search
K

6 matches found

NVD
NVD
added 2024/02/15 5:15 a.m.31 views

CVE-2022-23086

Handlers for CFGPAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header. Other heap content would be overwritten if the specified size was too small. Users with access to the mpr, mps or mpt device node may...

9.8CVSS6.7AI score0.00447EPSS
Exploits0References2
CVE
CVE
added 2024/02/15 4:57 a.m.4767 views

CVE-2022-23086

CVE-2022-23086 affects FreeBSD: the mpr/mps/mpt disk controller drivers expose _CFG_PAGE ioctls that allocate a caller-specified buffer size but copy a fixed-size header into it. This can result in heap data being overwritten if the input size is too small, potentially enabling privilege escalati...

9.8CVSS6.8AI score0.00447EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/02/15 4:57 a.m.33 views

CVE-2022-23086 mpr/mps/mpt driver ioctl heap out-of-bounds write

Handlers for CFGPAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header. Other heap content would be overwritten if the specified size was too small. Users with access to the mpr, mps or mpt device node may...

7AI score0.00447EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/15 4:57 a.m.15 views

CVE-2022-23086 mpr/mps/mpt driver ioctl heap out-of-bounds write

Handlers for CFGPAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header. Other heap content would be overwritten if the specified size was too small. Users with access to the mpr, mps or mpt device node may...

7.1AI score0.00447EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/04/07 12:0 a.m.17 views

FreeBSD : FreeBSD -- mpr/mps/mpt driver ioctl heap out-of-bounds write (703c4761-b61d-11ec-9ebc-1c697aa5a594)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 703c4761-b61d-11ec-9ebc-1c697aa5a594 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's...

9.8CVSS5.5AI score0.00447EPSS
Exploits0References2
FreeBSD Advisory
FreeBSD Advisory
added 2022/04/06 12:0 a.m.15 views

FreeBSD-SA-22:06.ioctl

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-22:06.ioctl Security Advisory The FreeBSD Project Topic: mpr/mps/mpt driver ioctl heap out-of-bounds write Category: core Module: mpr, mps, mpt Announced:...

9.8CVSS7.4AI score0.00447EPSS
Exploits0
Rows per page
Query Builder