PT-2023-12712 · Bhyve

Mehdi Talbi · Published 2022-04-06 · Updated 2024-12-09 · CVE-2022-23087

CVSS v3.1: 8.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: bhyve (affected versions not specified)

Description: The e1000 network adapters allow modifications to Ethernet packets during transmission, including IP and TCP checksum insertion, Ethernet VLAN header insertion, and TCP segmentation offload. The e1000 device model uses an on-stack buffer to generate modified packet headers. When checksum offload is requested for a transmitted packet, the e1000 device model uses a guest-provided value to specify the checksum offset in the on-stack buffer, which was not validated for certain packet types. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host, possibly leading to code execution in the host context. The bhyve process runs in a Capsicum sandbox, which limits the impact of exploiting this issue.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Memory Corruption

Related Identifiers

CVE-2022-23087
FREEBSD-SA-22_05

Affected Products

Freebsd
Bhyve