PT-2022-6217 · FreeBSD · FreeBSD

Lucas Leong +2 · Published 2022-02-18 · Updated 2024-12-09 · CVE-2022-23085

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FreeBSD (affected versions not specified)

Description

The issue is caused by an integer overflow in the nmreq_copyin() function of the netmap component. This insufficient bounds checking could lead to kernel memory corruption. On systems configured to include netmap in their devfs ruleset, a privileged process running in a jail can affect the host environment.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Integer Overflow

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2023-00490
CVE-2022-23085
ZDI-22-1292

Affected Products

FreeBSD