Date: Wed, 16 Mar 2022 22:05:16 +0100
From: Vincenzo Maffione <vmaffione@freebsd.org>
To: Shawn Webb <shawn.webb@hardenedbsd.org>
Cc: src-committers <src-committers@freebsd.org>, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org, FreeBSD Security Team <secteam@freebsd.org>
Subject: Re: git: 393729916564 - main - netmap: Fix TOCTOU vulnerability in nmreq_copyin
Message-ID: <CA%2B_eA9i-4d1ZDJzdNmQ_BpFXjMuG3hCHSKsdTHijdjAarD4dEw@mail.gmail.com>
In-Reply-To: <20220316143136.vu3akg4ehevqmkgu@mutt-hbsd>
References: <202203160708.22G78lBs012259@gitrepo.freebsd.org> <20220316143136.vu3akg4ehevqmkgu@mutt-hbsd>

Yes. I was told by secteam@ that they would take care of the security advisories.

Cheers,
  Vincenzo

On Wed, 16 Mar 2022 at 15:31, Shawn Webb <shawn.webb@hardenedbsd.org> wrote:

> On Wed, Mar 16, 2022 at 07:08:47AM +0000, Vincenzo Maffione wrote:
> > The branch main has been updated by vmaffione:
> >
> > URL: https://cgit.FreeBSD.org/src/commit/?id=393729916564ed13f966e09129a24e6931898d12
> >
> > commit 393729916564ed13f966e09129a24e6931898d12
> > Author:     Vincenzo Maffione <vmaffione@FreeBSD.org>
> > AuthorDate: 2022-03-16 06:58:50 +0000
> > Commit:     Vincenzo Maffione <vmaffione@FreeBSD.org>
> > CommitDate: 2022-03-16 06:58:50 +0000
> >
> >     netmap: Fix TOCTOU vulnerability in nmreq_copyin
> >
> >     The total size of the user-provided nmreq was first computed and then
> >     trusted during the copyin. This might lead to kernel memory corruption
> >     and escape from jails/containers.
> >
> >     Reported by: Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative
> >     Security: CVE-2022-23084
> >     MFC after: 3 days
>
> Out of curiosity, if this has an assigned CVE, should it go through
> the normal FreeBSD security advisory process?
>
> Thanks,
>
> --
> Shawn Webb
> Cofounder / Security Engineer
> HardenedBSD
>
> https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
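
The bug class named in the quoted commit message (a size computed from user memory in one pass, then trusted in a later copy), as an added user-space illustration that is not part of this thread and is not netmap's code. The struct, sim_copyin(), setup() and copy_request() are hypothetical names, and the "user memory" and its values are constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a user-space request: length header + payload. */
struct ureq { uint32_t len; uint8_t body[48]; };
static struct ureq user_mem;  /* plays the role of user memory */
static int fetches, racing;   /* fetch counter; racing=1 mutates user memory */

/* Simulated copyin(): with racing set, the length field changes right after
 * the first fetch, as if another thread of the same process rewrote it. */
static void sim_copyin(const void *uaddr, void *kaddr, size_t n)
{
    memcpy(kaddr, uaddr, n);
    if (++fetches == 1 && racing)
        user_mem.len = 48;
}

static void setup(int race)
{
    memset(user_mem.body, 0x41, sizeof user_mem.body);
    user_mem.len = 8;   /* value the first fetch sees */
    fetches = 0;
    racing = race;
}

/* Two-pass copy: pass 1 computes the size, pass 2 re-reads the length.
 * check=0 trusts the re-read length; check=1 requires it to still fit.
 * Returns bytes written past the space sized in pass 1, or -1 if rejected. */
long copy_request(int race, int check)
{
    uint8_t arena[64];  /* oversized so the demo itself stays in bounds */
    uint32_t len1, len2;
    setup(race);
    sim_copyin(&user_mem.len, &len1, sizeof len1);  /* pass 1: compute size */
    sim_copyin(&user_mem.len, &len2, sizeof len2);  /* pass 2: re-read */
    if (check && len2 > len1)
        return -1;                                  /* size grew: reject */
    sim_copyin(user_mem.body, arena, len2);
    return len2 > len1 ? (long)(len2 - len1) : 0;
}

int main(void)
{
    printf("trusting, racing: %ld bytes past the sized space\n", copy_request(1, 0));
    printf("checked,  racing: %ld (rejected)\n", copy_request(1, 1));
    return 0;
}
```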