Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 16 Mar 2022 22:05:16 +0100
From:      Vincenzo Maffione <vmaffione@freebsd.org>
To:        Shawn Webb <shawn.webb@hardenedbsd.org>
Cc:        src-committers <src-committers@freebsd.org>, dev-commits-src-all@freebsd.org,  dev-commits-src-main@freebsd.org, FreeBSD Security Team <secteam@freebsd.org>
Subject:   Re: git: 393729916564 - main - netmap: Fix TOCTOU vulnerability in nmreq_copyin
Message-ID:  <CA%2B_eA9i-4d1ZDJzdNmQ_BpFXjMuG3hCHSKsdTHijdjAarD4dEw@mail.gmail.com>
In-Reply-To: <20220316143136.vu3akg4ehevqmkgu@mutt-hbsd>
References:  <202203160708.22G78lBs012259@gitrepo.freebsd.org> <20220316143136.vu3akg4ehevqmkgu@mutt-hbsd>
index | next in thread | previous in thread | raw e-mail 

[-- Attachment #1 --]
Yes. I was told by secteam@ that they would take care of the security
advisories.

Cheers,
  Vincenzo


Il giorno mer 16 mar 2022 alle ore 15:31 Shawn Webb <
shawn.webb@hardenedbsd.org> ha scritto:

> On Wed, Mar 16, 2022 at 07:08:47AM +0000, Vincenzo Maffione wrote:
> > The branch main has been updated by vmaffione:
> >
> > URL:
> https://cgit.FreeBSD.org/src/commit/?id=393729916564ed13f966e09129a24e6931898d12
> >
> > commit 393729916564ed13f966e09129a24e6931898d12
> > Author:     Vincenzo Maffione <vmaffione@FreeBSD.org>
> > AuthorDate: 2022-03-16 06:58:50 +0000
> > Commit:     Vincenzo Maffione <vmaffione@FreeBSD.org>
> > CommitDate: 2022-03-16 06:58:50 +0000
> >
> >     netmap: Fix TOCTOU vulnerability in nmreq_copyin
> >
> >     The total size of the user-provided nmreq was first computed and then
> >     trusted during the copyin. This might lead to kernel memory
> corruption
> >     and escape from jails/containers.
> >
> >     Reported by: Lucas Leong (@_wmliang_) of Trend Micro Zero Day
> Initiative
> >     Security: CVE-2022-23084
> >     MFC after:      3 days
>
> Out of curiosity, if this has an assigned CVE, should it go through
> the normal FreeBSD security advisory process?
>
> Thanks,
>
> --
> Shawn Webb
> Cofounder / Security Engineer
> HardenedBSD
>
>
> https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
>

[-- Attachment #2 --]
<div dir="ltr"><div>Yes. I was told by secteam@ that they would take care of the security advisories.</div><div><br></div><div>Cheers,</div><div>  Vincenzo</div><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Il giorno mer 16 mar 2022 alle ore 15:31 Shawn Webb &lt;<a href="mailto:shawn.webb@hardenedbsd.org" target="_blank">shawn.webb@hardenedbsd.org</a>&gt; ha scritto:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Wed, Mar 16, 2022 at 07:08:47AM +0000, Vincenzo Maffione wrote:<br>
&gt; The branch main has been updated by vmaffione:<br>
&gt; <br>
&gt; URL: <a href="https://cgit.FreeBSD.org/src/commit/?id=393729916564ed13f966e09129a24e6931898d12" rel="noreferrer" target="_blank">https://cgit.FreeBSD.org/src/commit/?id=393729916564ed13f966e09129a24e6931898d12</a><br>;
&gt; <br>
&gt; commit 393729916564ed13f966e09129a24e6931898d12<br>
&gt; Author:     Vincenzo Maffione &lt;vmaffione@FreeBSD.org&gt;<br>
&gt; AuthorDate: 2022-03-16 06:58:50 +0000<br>
&gt; Commit:     Vincenzo Maffione &lt;vmaffione@FreeBSD.org&gt;<br>
&gt; CommitDate: 2022-03-16 06:58:50 +0000<br>
&gt; <br>
&gt;     netmap: Fix TOCTOU vulnerability in nmreq_copyin<br>
&gt;     <br>
&gt;     The total size of the user-provided nmreq was first computed and then<br>
&gt;     trusted during the copyin. This might lead to kernel memory corruption<br>
&gt;     and escape from jails/containers.<br>
&gt;     <br>
&gt;     Reported by: Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative<br>
&gt;     Security: CVE-2022-23084<br>
&gt;     MFC after:      3 days<br>
<br>
Out of curiosity, if this has an assigned CVE, should it go through<br>
the normal FreeBSD security advisory process?<br>
<br>
Thanks,<br>
<br>
-- <br>
Shawn Webb<br>
Cofounder / Security Engineer<br>
HardenedBSD<br>
<br>
<a href="https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc" rel="noreferrer" target="_blank">https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc</a><br>;
</blockquote></div>
</div>
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2B_eA9i-4d1ZDJzdNmQ_BpFXjMuG3hCHSKsdTHijdjAarD4dEw>