Re: git: 393729916564 - main - netmap: Fix TOCTOU vulnerability in nmreq_copyin

From: Vincenzo Maffione <vmaffione_at_freebsd.org>
Date: Wed, 16 Mar 2022 21:05:16 UTC

Yes. I was told by secteam@ that they would take care of the security
advisories.

Cheers,
  Vincenzo


On Wed, 16 Mar 2022 at 15:31, Shawn Webb <shawn.webb@hardenedbsd.org> wrote:

> On Wed, Mar 16, 2022 at 07:08:47AM +0000, Vincenzo Maffione wrote:
> > The branch main has been updated by vmaffione:
> >
> > URL: https://cgit.FreeBSD.org/src/commit/?id=393729916564ed13f966e09129a24e6931898d12
> >
> > commit 393729916564ed13f966e09129a24e6931898d12
> > Author:     Vincenzo Maffione <vmaffione@FreeBSD.org>
> > AuthorDate: 2022-03-16 06:58:50 +0000
> > Commit:     Vincenzo Maffione <vmaffione@FreeBSD.org>
> > CommitDate: 2022-03-16 06:58:50 +0000
> >
> >     netmap: Fix TOCTOU vulnerability in nmreq_copyin
> >
> >     The total size of the user-provided nmreq was first computed and then
> >     trusted during the copyin. This might lead to kernel memory corruption
> >     and escape from jails/containers.
> >
> >     Reported by: Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative
> >     Security: CVE-2022-23084
> >     MFC after:      3 days
>
> Out of curiosity, if this has an assigned CVE, should it go through
> the normal FreeBSD security advisory process?
>
> Thanks,
>
> --
> Shawn Webb
> Cofounder / Security Engineer
> HardenedBSD
>
>
> https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
>