CVE-2022-23086

Name of the Vulnerable Software and Affected Versions FreeBSD (affected versions not specified)

Description The issue is caused by a buffer overflow in the mpr, mps, and mpt drivers, which can lead to heap data overwrite and potentially result in privilege escalation. Users with access to the mpr, mps, or mpt device node, which is only accessible to root and members of the operator group, may exploit this issue. The vulnerability can be triggered by allocating a buffer of a caller-specified size and copying a fixed-size header to it, overwriting other heap content if the specified size is too small.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.