Date: Wed, 10 Aug 2022 10:20:21 GMT From: Philip Paeps <philip@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 3049b8ef2566 - main - security/vuxml: add FreeBSD SA-22:12.lib9p Message-ID: <202208101020.27AAKLPe002774@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by philip: URL: https://cgit.FreeBSD.org/ports/commit/?id=3049b8ef25667a3ebca33a27c3ac6cd89b316922 commit 3049b8ef25667a3ebca33a27c3ac6cd89b316922 Author: Philip Paeps <philip@FreeBSD.org> AuthorDate: 2022-08-10 10:20:08 +0000 Commit: Philip Paeps <philip@FreeBSD.org> CommitDate: 2022-08-10 10:20:08 +0000 security/vuxml: add FreeBSD SA-22:12.lib9p --- security/vuxml/vuln-2022.xml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml index ff2f2cda3e65..dca51b4d8182 100644 --- a/security/vuxml/vuln-2022.xml +++ b/security/vuxml/vuln-2022.xml @@ -1,3 +1,36 @@ + <vuln vid="8eaaf135-1893-11ed-9b22-002590c1f29c"> + <topic>FreeBSD -- Missing bounds check in 9p message handling</topic> + <affects> + <package> + <name>FreeBSD</name> + <range><ge>13.1</ge><lt>13.1_1</lt></range> + <range><ge>13.0</ge><lt>13.0_12</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <h1>Problem Description:</h1> + <p>The implementation of lib9p's handling of RWALK messages was + missing a bounds check needed when unpacking the message contents. + The missing check means that the receipt of a specially crafted + message will cause lib9p to overwrite unrelated memory.</p> + <h1>Impact:</h1> + <p>The bug can be triggered by a malicious bhyve guest kernel to + overwrite memory in the bhyve(8) process. This could potentially lead + to user-mode code execution on the host, subject to bhyve's Capsicum + sandbox.</p> + </body> + </description> + <references> + <cvename>CVE-2022-23092</cvename> + <freebsdsa>SA-22:12.lib9p</freebsdsa> + </references> + <dates> + <discovery>2022-08-09</discovery> + <entry>2022-08-10</entry> + </dates> + </vuln> + <vuln vid="02fb9764-1893-11ed-9b22-002590c1f29c"> <topic>FreeBSD -- Memory disclosure by stale virtual memory mapping</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202208101020.27AAKLPe002774>