]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
projects / FreeBSD / FreeBSD.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5b789e0) | patch
netmap: Fix integer overflow in nmreq_copyin
authorVincenzo Maffione <vmaffione@FreeBSD.org>
Tue, 5 Apr 2022 23:26:02 +0000 (23:26 +0000)
committerEd Maste <emaste@FreeBSD.org>
Tue, 5 Apr 2022 23:26:02 +0000 (23:26 +0000)
commit00ca345e83ada8b68e302f5406f9799209872c90
treebe40643fcbe6c4d8c96c98b450b6d59db77d1245tree | snapshot
parent5b789e0c92a7c363b36111b1f75519f2acd21f97commit | diff
netmap: Fix integer overflow in nmreq_copyin

An unsanitized field in an option could be abused, causing an integer
overflow followed by kernel memory corruption. This might be used
to escape jails/containers.

Reported by: Reno Robert and Lucas Leong (@_wmliang_) of Trend Micro
Zero Day Initiative
Security: CVE-2022-23085

(cherry picked from commit 694ea59c7021c25417e6d516362d2f59b4e2c343)
(cherry picked from commit 9df8dd3ea36c8b3abe8fc182647472ca9cd83efd)

Approved by: so
Security: FreeBSD-SA-22:04.netmap
sys/dev/netmap/netmap.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.