FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
27d39055-b61b-11ec-9ebc-1c697aa5a594FreeBSD -- Potential jail escape vulnerabilities in netmap

Problem Description:

The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. [CVE-2022-23084]

A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. [CVE-2022-23085]

Impact:

On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment.


Discovery 2022-04-06
Entry 2022-04-07
FreeBSD-kernel
ge 13.0 lt 13.0_11

ge 12.3 lt 12.3_5

CVE-2022-23084
CVE-2022-23085
SA-22:04.netmap