Re: Impact of FreeBSD-SA-22:10.aio
- In reply to: Ed Maste : "Re: Impact of FreeBSD-SA-22:10.aio"
Date: Thu, 18 Aug 2022 21:29:09 UTC
On Thu, 18 Aug 2022 at 14:01, Ed Maste <emaste@freebsd.org> wrote:
>
> On Thu, 18 Aug 2022 at 12:16, Mark Johnston <markj@freebsd.org> wrote:
> >
> > The refcount implementation in 12.3 doesn't handle overflow or underflow
> > at all, so it is vulnerable. I believe you're right that that
> > mitigation converts the bug into a memory leak in 13.0, and so the
> > advisory erroneously lists 13.0 as vulnerable when it isn't.
>
> I suppose it is really an SA for 12.3 and an EN for 13.0.

Unfortunately this is not the case - crhold() does not currently use
the refcount(9) API, so does not benefit from the refcount overflow
mitigation that it provides. We'll address this one way or another
(for example, using refcount(9) or checking for overflow explicitly)
to provide a mitigation in case there's another missing crfree.
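
An added illustration, not part of the original message and not FreeBSD source: a simplified user-space model of the distinction discussed in this thread, where a missing release either wraps an unchecked counter or, with an explicit overflow check, only leaks the object. The names `hold_plain`, `hold_checked`, `REF_PINNED`, `struct obj` and the starting count are assumptions made for this sketch.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical sentinel: once the count reaches this value it never moves. */
#define REF_PINNED UINT_MAX

struct obj { unsigned int ref; bool freed; };

/* Unchecked counter: a hold is a bare increment, so it can wrap to 0. */
static void hold_plain(struct obj *o) { o->ref++; }
static void rele_plain(struct obj *o) { if (--o->ref == 0) o->freed = true; }

/* Checked counter: saturate instead of wrapping. */
static void hold_checked(struct obj *o) { if (o->ref != REF_PINNED) o->ref++; }
static void rele_checked(struct obj *o)
{
    if (o->ref == REF_PINNED)
        return;                 /* pinned: object is leaked, never freed */
    if (--o->ref == 0)
        o->freed = true;
}

/*
 * Model a code path that takes a reference and forgets to drop it.
 * The constructed starting count (UINT_MAX - 1) stands for one legitimate
 * owner plus many earlier leaked holds, so the run finishes instantly.
 * Returns true if the object is freed while the owner still uses it.
 */
static bool freed_while_owned(bool checked, unsigned int leaked_holds)
{
    struct obj o = { UINT_MAX - 1, false };

    for (unsigned int i = 0; i < leaked_holds; i++)
        checked ? hold_checked(&o) : hold_plain(&o);

    /* A well-behaved transient user: one hold, one matching release. */
    checked ? hold_checked(&o) : hold_plain(&o);
    checked ? rele_checked(&o) : rele_plain(&o);
    return o.freed;
}

int main(void)
{
    printf("unchecked: freed while owned = %d\n", freed_while_owned(false, 2));
    printf("checked:   freed while owned = %d\n", freed_while_owned(true, 2));
    return 0;
}
```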