Re: git: 393729916564 - main - netmap: Fix TOCTOU vulnerability in nmreq_copyin
Date: Wed, 16 Mar 2022 14:31:36 UTC
On Wed, Mar 16, 2022 at 07:08:47AM +0000, Vincenzo Maffione wrote:
> The branch main has been updated by vmaffione:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=393729916564ed13f966e09129a24e6931898d12
>
> commit 393729916564ed13f966e09129a24e6931898d12
> Author: Vincenzo Maffione <vmaffione@FreeBSD.org>
> AuthorDate: 2022-03-16 06:58:50 +0000
> Commit: Vincenzo Maffione <vmaffione@FreeBSD.org>
> CommitDate: 2022-03-16 06:58:50 +0000
>
>     netmap: Fix TOCTOU vulnerability in nmreq_copyin
>
>     The total size of the user-provided nmreq was first computed and then
>     trusted during the copyin. This might lead to kernel memory corruption
>     and escape from jails/containers.
>
>     Reported by: Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative
>     Security: CVE-2022-23084
>     MFC after: 3 days

Out of curiosity, if this has an assigned CVE, should it go through
the normal FreeBSD security advisory process?

Thanks,

--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc