CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

projects / FreeBSD / FreeBSD.git / commit

author	Vincenzo Maffione <vmaffione@FreeBSD.org>
	Wed, 16 Mar 2022 06:58:50 +0000 (06:58 +0000)
committer	Vincenzo Maffione <vmaffione@FreeBSD.org>
	Sat, 19 Mar 2022 17:36:39 +0000 (17:36 +0000)
commit	9f600a260a738d87015b2e9722b7b4f228cbd47d
tree	dce3ac52605c58917ea52feb98ddceb965f4fee7	tree \| snapshot
parent	9df8dd3ea36c8b3abe8fc182647472ca9cd83efd	commit \| diff

netmap: Fix TOCTOU vulnerability in nmreq_copyin

The total size of the user-provided nmreq was first computed and then
trusted during the copyin. This might lead to kernel memory corruption
and escape from jails/containers.

Reported by: Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative
Security: CVE-2022-23084
MFC after: 3 days

(cherry picked from commit 393729916564ed13f966e09129a24e6931898d12)

sys/dev/netmap/netmap.c

diff | blob | history

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom