ГлавнаяУязвимости → CVE-2022-23085
8.2высокая

CVE-2022-23085

Описание

A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment.

Затрагиваемое ПО
Freebsd Freebsd
CVSS
Балл8.2 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Источники
https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.aschttps://security.netapp.com/advisory/ntap-20240322-0004/https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.aschttps://security.netapp.com/advisory/ntap-20240322-0004/