CVE-2022-23084

The total size of the user-provided nmreq to nmreqcopyin was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. On systems configured to include netmap in their devfsruleset, a privileged process running in a jail can...

Design/Logic Flaw

A user-provided integer option was passed to nmreqcopyin without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. On systems configured to include netmap in their devfsruleset, a privileged process running in a jail can affect the host...

Memory corruption

The total size of the user-provided nmreq to nmreqcopyin was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. On systems configured to include netmap in their devfsruleset, a privileged process running in a jail can...

CVE-2022-23085

CVE-2022-23085 arises from an insufficient bounds check: a user-provided integer option passed to netmap’s nmreq_copyin() could overflow, risking kernel memory corruption. Documents in the FreeBSD Netmap advisory SA-22:04 and related CVE records confirm the flaw in the netmap component, enabling ...

FreeBSD 输入验证错误漏洞

FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. FreeBSD suffers from an input validation error vulnerability that stems from an integer overflow in netmap's nmreqcopyin function. A local user can trigger the integer overflow and execute arbitrary code with elevated...