FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
27d39055-b61b-11ec-9ebc-1c697aa5a594	FreeBSD -- Potential jail escape vulnerabilities in netmap Problem Description: The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. [CVE-2022-23084] A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. [CVE-2022-23085] Impact: On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment. Discovery 2022-04-06 Entry 2022-04-07 FreeBSD-kernel ge 13.0 lt 13.0_11 ge 12.3 lt 12.3_5 CVE-2022-23084 CVE-2022-23085 SA-22:04.netmap

VuXML ID

Description

27d39055-b61b-11ec-9ebc-1c697aa5a594

FreeBSD -- Potential jail escape vulnerabilities in netmap

Problem Description:

The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. [CVE-2022-23084]

A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. [CVE-2022-23085]

Impact:

On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment.

Discovery 2022-04-06
Entry 2022-04-07
FreeBSD-kernel

ge 13.0 lt 13.0_11

ge 12.3 lt 12.3_5

CVE-2022-23084
CVE-2022-23085
SA-22:04.netmap