Date: Wed, 16 Mar 2022 10:31:36 -0400 From: Shawn Webb <shawn.webb@hardenedbsd.org> To: Vincenzo Maffione <vmaffione@FreeBSD.org> Cc: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: Re: git: 393729916564 - main - netmap: Fix TOCTOU vulnerability in nmreq_copyin Message-ID: <20220316143136.vu3akg4ehevqmkgu@mutt-hbsd> In-Reply-To: <202203160708.22G78lBs012259@gitrepo.freebsd.org> References: <202203160708.22G78lBs012259@gitrepo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--fq2wajc46mxtvsls Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Mar 16, 2022 at 07:08:47AM +0000, Vincenzo Maffione wrote: > The branch main has been updated by vmaffione: >=20 > URL: https://cgit.FreeBSD.org/src/commit/?id=3D393729916564ed13f966e09129= a24e6931898d12 >=20 > commit 393729916564ed13f966e09129a24e6931898d12 > Author: Vincenzo Maffione <vmaffione@FreeBSD.org> > AuthorDate: 2022-03-16 06:58:50 +0000 > Commit: Vincenzo Maffione <vmaffione@FreeBSD.org> > CommitDate: 2022-03-16 06:58:50 +0000 >=20 > netmap: Fix TOCTOU vulnerability in nmreq_copyin > =20 > The total size of the user-provided nmreq was first computed and then > trusted during the copyin. This might lead to kernel memory corruption > and escape from jails/containers. > =20 > Reported by: Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiat= ive > Security: CVE-2022-23084 > MFC after: 3 days Out of curiosity, if this has an assigned CVE, should it go through the normal FreeBSD security advisory process? Thanks, --=20 Shawn Webb Cofounder / Security Engineer HardenedBSD https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A= 4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc --fq2wajc46mxtvsls Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAmIx9MYACgkQ/y5nonf4 4fpxYg//ePVxhCRjBC+JJbo7hT7eZYC0YAGouPan/mJ8ISXuhBx9XNUAtR20RiyU HUTXG3/StR+wLC765TX0fsT9YvZMGV5MB7gp5OCUCPDMdq8UPRflaDy/5IET1Pvh Mrdv6NDjbm+CpuTOA/LrwTZ7Jd2LkQtABTB9vxoHx0x99atJq26A/PbfQUm7DB3s lk7t2jaLJrwlGaxZ5qJA/3vw1gruG5DCNBc8dcUAH+IbArDZ4z5Iie+nkg+dJrAP 5qlFc4/KvO/ZYexg62O1PTVGDEM72qQwDY/G0SQd2Pp+Bu+ACqH40n6sNKRC0tHm MIlTuXRPrQitPn2YuQEpZewUjqVmiAmiIWofclUSD1GiUGj1hCtoJ1awQGH+wMD+ AgOiCM3pqrydAma9KZgBPydPY/yFko3wIp1bSa5WG3BgtHKFGd3jZRfVotqO9lWN Wod7bErMAmYWsBV/eXvgB3QT6SKKt5Y9AkFg2WSf2dJ1C+Po50z3Yq8Zw0D7S+c2 Q9NoHBSTLMeo0GB0xF+4OmViplifaaYwaGHqx9u/dfoAxy9tT2ANbBdVkqkGArPc el3gaQl2PJAYneYZbxJJKpTrFGTW5yxZybcovPXy8KF5+0zigI6vwZead0ftoSFr 6F5lBT0xwrWaqMb7BoGx9XH+bYKbE8nUsvY8MssvrmvNte5n4lU= =LTMI -----END PGP SIGNATURE----- --fq2wajc46mxtvsls--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20220316143136.vu3akg4ehevqmkgu>