Re: git: 393729916564 - main - netmap: Fix TOCTOU vulnerability in nmreq_copyin
Date: Wed, 16 Mar 2022 21:05:16 UTC
Yes. I was told by secteam@ that they would take care of the security advisories. Cheers, Vincenzo Il giorno mer 16 mar 2022 alle ore 15:31 Shawn Webb < shawn.webb@hardenedbsd.org> ha scritto: > On Wed, Mar 16, 2022 at 07:08:47AM +0000, Vincenzo Maffione wrote: > > The branch main has been updated by vmaffione: > > > > URL: > https://cgit.FreeBSD.org/src/commit/?id=393729916564ed13f966e09129a24e6931898d12 > > > > commit 393729916564ed13f966e09129a24e6931898d12 > > Author: Vincenzo Maffione <vmaffione@FreeBSD.org> > > AuthorDate: 2022-03-16 06:58:50 +0000 > > Commit: Vincenzo Maffione <vmaffione@FreeBSD.org> > > CommitDate: 2022-03-16 06:58:50 +0000 > > > > netmap: Fix TOCTOU vulnerability in nmreq_copyin > > > > The total size of the user-provided nmreq was first computed and then > > trusted during the copyin. This might lead to kernel memory > corruption > > and escape from jails/containers. > > > > Reported by: Lucas Leong (@_wmliang_) of Trend Micro Zero Day > Initiative > > Security: CVE-2022-23084 > > MFC after: 3 days > > Out of curiosity, if this has an assigned CVE, should it go through > the normal FreeBSD security advisory process? > > Thanks, > > -- > Shawn Webb > Cofounder / Security Engineer > HardenedBSD > > > https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc >