Lucene search

[email protected]NVD:CVE-2022-23085

HistoryFeb 15, 2024 - 5:15 a.m.

CVE-2022-23085

2024-02-1505:15:09

CWE-120

[email protected]

web.nvd.nist.gov

vulnerability

netmap

bounds checking

kernel memory corruption

devfs_ruleset

privileged process

jail

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.1

Confidence

Low

EPSS

0.001

Percentile

16.2%

JSON

A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption.

On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment.

References

security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc

security.netapp.com/advisory/ntap-20240322-0004/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.1

Confidence

Low

EPSS

0.001

Percentile

16.2%

JSON

Related for NVD:CVE-2022-23085

cvelist1 zdi1 vulnrichment1 prion1 cve1 freebsd_advisory1 nessus1 freebsd1