]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
projects / FreeBSD / FreeBSD.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 862f447) | patch
netmap: Fix integer overflow in nmreq_copyin
authorVincenzo Maffione <vmaffione@FreeBSD.org>
Tue, 5 Apr 2022 23:19:58 +0000 (23:19 +0000)
committerEd Maste <emaste@FreeBSD.org>
Tue, 5 Apr 2022 23:19:58 +0000 (23:19 +0000)
commit0d1f1dc951c667f9d993acba42358d115997564e
tree72f7d9489178136713cb6c09488edb6165de26c5tree | snapshot
parent862f4476aeb030d37902a98851b6d035b5962cdfcommit | diff
netmap: Fix integer overflow in nmreq_copyin

An unsanitized field in an option could be abused, causing an integer
overflow followed by kernel memory corruption. This might be used
to escape jails/containers.

Reported by: Reno Robert and Lucas Leong (@_wmliang_) of Trend Micro
Zero Day Initiative
Security: CVE-2022-23085

(cherry picked from commit 694ea59c7021c25417e6d516362d2f59b4e2c343)
(cherry picked from commit 95602165e33a3045a27245cc1e61e67bf4feeed1)

Approved by: so
Security: FreeBSD-SA-22:04.netmap
sys/dev/netmap/netmap.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.