Buffer overflow in FreeBSD - CVE-2022-23087

 

Buffer overflow in FreeBSD - CVE-2022-23087

Published: April 6, 2022


Vulnerability identifier: #VU61911
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-23087
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: FreeBSD Foundation
Affected software:
FreeBSD

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the e1000 network adapter implementation in bhyve(8) hypervisor. A remote attacker with access to the guest OS can send specially crafted traffic via the affected adapter, trigger memory corruption and execute arbitrary code on the hypervisor.


How to mitigate CVE-2022-23087

Install updates from vendor's website.

Sources