Multiple vulnerabilities in FreeBSD



Published: 2022-08-13
Risk: Medium
Patch available: YES
Number of vulnerabilities: 4
CVE-ID: CVE-2022-23092, CVE-2022-23091, CVE-2022-23090, CVE-2022-23089
CWE-ID: CWE-119, CWE-264, CWE-416, CWE-125
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: FreeBSD (Operating systems & Components / Operating system)
Vendor: FreeBSD Foundation

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU66475

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-23092

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the lib9p implementation used by bhyve(8). A remote user on the guest OS can send a specially crafted message to trigger memory corruption and execute arbitrary code on the host OS.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

FreeBSD: 13.0 - 13.1


External links

http://www.freebsd.org/security/advisories/FreeBSD-SA-22:12.lib9p.asc


2) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU66474

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-23091

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to an error in the virtual mapping implementation. A local unprivileged process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FreeBSD: 12.0 - 13.1


External links

http://www.freebsd.org/security/advisories/FreeBSD-SA-22:11.vm.asc


3) Use-after-free

EUVDB-ID: #VU66473

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-23090

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the aio(4) subsystem. The aio_aqueue function, used by the lio_listio system call, fails to release a reference to a credential in an error case. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FreeBSD: 12.0 - 13.1


External links

http://www.freebsd.org/security/advisories/FreeBSD-SA-22:10.aio.asc


4) Out-of-bounds read

EUVDB-ID: #VU66472

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-23089

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the elf_note_prpsinfo() function in prpsinfo. A local user can trigger an out-of-bounds read error and crash the OS kernel.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FreeBSD: 12.0 - 13.1


External links

http://www.freebsd.org/security/advisories/FreeBSD-SA-22:09.elf.asc
