]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
projects / FreeBSD / FreeBSD.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: eeec49e) | patch
netmap: Fix integer overflow in nmreq_copyin
authorVincenzo Maffione <vmaffione@FreeBSD.org>
Wed, 16 Mar 2022 06:57:54 +0000 (06:57 +0000)
committerVincenzo Maffione <vmaffione@FreeBSD.org>
Sat, 19 Mar 2022 17:36:27 +0000 (17:36 +0000)
commit9df8dd3ea36c8b3abe8fc182647472ca9cd83efd
treec443d12905376ffac90b7be08b942a108626ed4ftree | snapshot
parenteeec49e0b30a3faf2985e27f163a4c2f7b511e7ccommit | diff
netmap: Fix integer overflow in nmreq_copyin

An unsanitized field in an option could be abused, causing an integer
overflow followed by kernel memory corruption. This might be used
to escape jails/containers.

Reported by: Reno Robert and Lucas Leong (@_wmliang_) of Trend Micro
Zero Day Initiative
Security: CVE-2022-23085

(cherry picked from commit 694ea59c7021c25417e6d516362d2f59b4e2c343)
sys/dev/netmap/netmap.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.