Rapid7 Vulnerability & Exploit Database

FreeBSD: VID-27D39055-B61B-11EC-9EBC-1C697AA5A594 (CVE-2022-23085): FreeBSD -- Potential jail escape vulnerabilities in netmap

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

FreeBSD: VID-27D39055-B61B-11EC-9EBC-1C697AA5A594 (CVE-2022-23085): FreeBSD -- Potential jail escape vulnerabilities in netmap

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
04/06/2022
Created
11/08/2022
Added
11/04/2022
Modified
11/04/2022

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From VID-27D39055-B61B-11EC-9EBC-1C697AA5A594:

Problem Description:

The total size of the user-provided nmreq to nmreq_copyin() was

first computed and then trusted during the copyin. This

time-of-check to time-of-use bug could lead to kernel memory

corruption. [CVE-2022-23084]

A user-provided integer option was passed to nmreq_copyin() without

checking if it would overflow. This insufficient bounds checking

could lead to kernel memory corruption. [CVE-2022-23085]

Impact:

On systems configured to include netmap in their devfs_ruleset, a

privileged process running in a jail can affect the host

environment.

Solution(s)

  • freebsd-upgrade-base-12_3-release-p5
  • freebsd-upgrade-base-13_0-release-p11

References

  • CVE-2022-23085

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;