Main Vulnerability Database Vulnerabilities #VU61908

#VU61908 Integer overflow in FreeBSD - CVE-2022-23085

Published: April 6, 2022 / Updated: September 21, 2022

Vulnerability identifier: #VU61908

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-23085

CWE-ID: CWE-190

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
FreeBSD

Software vendor:
FreeBSD Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow within the nmreq_copyin() function in netmap. A local user can trigger integer overflow and execute arbitrary code with elevated privileges. The vulnerability can be used to escape jail environment.

Remediation

Install updates from vendor's website.

External links

https://www.freebsd.org/security/advisories/FreeBSD-SA-22:04.netmap.asc
https://www.zerodayinitiative.com/advisories/ZDI-22-1292/