Re: git: 393729916564 - main - netmap: Fix TOCTOU vulnerability in nmreq_copyin

Reply: Vincenzo Maffione : "Re: git: 393729916564 - main - netmap: Fix TOCTOU vulnerability in nmreq_copyin"
In reply to: Vincenzo Maffione : "git: 393729916564 - main - netmap: Fix TOCTOU vulnerability in nmreq_copyin"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Shawn Webb <shawn.webb_at_hardenedbsd.org>
Date: Wed, 16 Mar 2022 14:31:36 UTC

On Wed, Mar 16, 2022 at 07:08:47AM +0000, Vincenzo Maffione wrote:
> The branch main has been updated by vmaffione:
> 
> URL: https://cgit.FreeBSD.org/src/commit/?id=393729916564ed13f966e09129a24e6931898d12
> 
> commit 393729916564ed13f966e09129a24e6931898d12
> Author:     Vincenzo Maffione <vmaffione@FreeBSD.org>
> AuthorDate: 2022-03-16 06:58:50 +0000
> Commit:     Vincenzo Maffione <vmaffione@FreeBSD.org>
> CommitDate: 2022-03-16 06:58:50 +0000
> 
>     netmap: Fix TOCTOU vulnerability in nmreq_copyin
>     
>     The total size of the user-provided nmreq was first computed and then
>     trusted during the copyin. This might lead to kernel memory corruption
>     and escape from jails/containers.
>     
>     Reported by: Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative
>     Security: CVE-2022-23084
>     MFC after:      3 days

Out of curiosity, if this has an assigned CVE, should it go through
the normal FreeBSD security advisory process?

Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc