Date: Wed, 16 Mar 2022 10:31:36 -0400 From: Shawn Webb <shawn.webb@hardenedbsd.org> To: Vincenzo Maffione <vmaffione@FreeBSD.org> Cc: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: Re: git: 393729916564 - main - netmap: Fix TOCTOU vulnerability in nmreq_copyin Message-ID: <20220316143136.vu3akg4ehevqmkgu@mutt-hbsd> In-Reply-To: <202203160708.22G78lBs012259@gitrepo.freebsd.org> References: <202203160708.22G78lBs012259@gitrepo.freebsd.org>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On Wed, Mar 16, 2022 at 07:08:47AM +0000, Vincenzo Maffione wrote: > The branch main has been updated by vmaffione: > > URL: https://cgit.FreeBSD.org/src/commit/?id=393729916564ed13f966e09129a24e6931898d12 > > commit 393729916564ed13f966e09129a24e6931898d12 > Author: Vincenzo Maffione <vmaffione@FreeBSD.org> > AuthorDate: 2022-03-16 06:58:50 +0000 > Commit: Vincenzo Maffione <vmaffione@FreeBSD.org> > CommitDate: 2022-03-16 06:58:50 +0000 > > netmap: Fix TOCTOU vulnerability in nmreq_copyin > > The total size of the user-provided nmreq was first computed and then > trusted during the copyin. This might lead to kernel memory corruption > and escape from jails/containers. > > Reported by: Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative > Security: CVE-2022-23084 > MFC after: 3 days Out of curiosity, if this has an assigned CVE, should it go through the normal FreeBSD security advisory process? Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAmIx9MYACgkQ/y5nonf4 4fpxYg//ePVxhCRjBC+JJbo7hT7eZYC0YAGouPan/mJ8ISXuhBx9XNUAtR20RiyU HUTXG3/StR+wLC765TX0fsT9YvZMGV5MB7gp5OCUCPDMdq8UPRflaDy/5IET1Pvh Mrdv6NDjbm+CpuTOA/LrwTZ7Jd2LkQtABTB9vxoHx0x99atJq26A/PbfQUm7DB3s lk7t2jaLJrwlGaxZ5qJA/3vw1gruG5DCNBc8dcUAH+IbArDZ4z5Iie+nkg+dJrAP 5qlFc4/KvO/ZYexg62O1PTVGDEM72qQwDY/G0SQd2Pp+Bu+ACqH40n6sNKRC0tHm MIlTuXRPrQitPn2YuQEpZewUjqVmiAmiIWofclUSD1GiUGj1hCtoJ1awQGH+wMD+ AgOiCM3pqrydAma9KZgBPydPY/yFko3wIp1bSa5WG3BgtHKFGd3jZRfVotqO9lWN Wod7bErMAmYWsBV/eXvgB3QT6SKKt5Y9AkFg2WSf2dJ1C+Po50z3Yq8Zw0D7S+c2 Q9NoHBSTLMeo0GB0xF+4OmViplifaaYwaGHqx9u/dfoAxy9tT2ANbBdVkqkGArPc el3gaQl2PJAYneYZbxJJKpTrFGTW5yxZybcovPXy8KF5+0zigI6vwZead0ftoSFr 6F5lBT0xwrWaqMb7BoGx9XH+bYKbE8nUsvY8MssvrmvNte5n4lU= =LTMI -----END PGP SIGNATURE-----help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20220316143136.vu3akg4ehevqmkgu>