Multiple vulnerabilities in FreeBSD



Published: 2022-04-06 | Updated: 2022-09-21
Risk Medium
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2022-23084
CVE-2022-23085
CVE-2022-23087
CVE-2022-23086
CVE-2022-23088
CVE-2018-25032
CWE-ID CWE-367
CWE-190
CWE-119
CWE-122
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
FreeBSD
Operating systems & Components / Operating system

Vendor FreeBSD Foundation

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Time-of-check Time-of-use (TOCTOU) Race Condition

EUVDB-ID: #VU61907

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-23084

CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Exploit availability: No

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to a race condition in netmap. The total size of the user-provided nmreq to nmreq_copyin() function was first computed and then trusted during the copyin operation. A local user can trigger a race condition, which can lead to memory corruption and code execution. The vulnerability can be used to escape jail environment.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FreeBSD: 12.0 - 13.1


CPE2.3 External links

http://www.freebsd.org/security/advisories/FreeBSD-SA-22:04.netmap.asc
http://www.zerodayinitiative.com/advisories/ZDI-22-1291/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Integer overflow

EUVDB-ID: #VU61908

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-23085

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow within the nmreq_copyin() function in netmap. A local user can trigger integer overflow and execute arbitrary code with elevated privileges. The vulnerability can be used to escape jail environment.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FreeBSD: 12.0 - 13.1


CPE2.3 External links

http://www.freebsd.org/security/advisories/FreeBSD-SA-22:04.netmap.asc
http://www.zerodayinitiative.com/advisories/ZDI-22-1292/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Buffer overflow

EUVDB-ID: #VU61911

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-23087

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the e1000 network adapter implementation in bhyve(8) hypervisor. A remote attacker with access to the guest OS can send specially crafted traffic via the affected adapter, trigger memory corruption and execute arbitrary code on the hypervisor.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FreeBSD: 12.0 - 13.1


CPE2.3 External links

http://www.freebsd.org/security/advisories/FreeBSD-SA-22:05.bhyve.asc

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Heap-based buffer overflow

EUVDB-ID: #VU61913

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-23086

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in mpr, mps, and mpt disk collector drivers. A local user can run a specially crafted program to trigger a heap-based buffer overflow and execute arbitrary code on the system with elevated privileges.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

FreeBSD: 12.0 - 13.1


CPE2.3 External links

http://www.freebsd.org/security/advisories/FreeBSD-SA-22:06.ioctl.asc
http://www.zerodayinitiative.com/advisories/ZDI-22-1293/
http://www.zerodayinitiative.com/advisories/ZDI-22-1294/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Heap-based buffer overflow

EUVDB-ID: #VU61914

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-23088

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the 802.11 beacon handling routine in FreeBSD Wi-Fi client. A remote attacker with control over the Wi-Fi hotspot can send specially beacon crafted frames to the FreeBSD Wi-Fi client in scanning mode, trigger a heap-based buffer overflow and execute arbitrary code on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FreeBSD: 12.0 - 13.1


CPE2.3 External links

http://www.freebsd.org/security/advisories/FreeBSD-SA-22:07.wifi_meshid.asc
http://www.zerodayinitiative.com/advisories/ZDI-22-806/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Buffer overflow

EUVDB-ID: #VU61671

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2018-25032

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when compressing data. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FreeBSD: 12.0 - 13.1


CPE2.3 External links

http://www.freebsd.org/security/advisories/FreeBSD-SA-22:08.zlib.asc

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###