CVE-2022-23084

The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment.
Configurations

No configuration.

History

21 Nov 2024, 06:47

Type Values Removed Values Added
References () https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc - () https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc -
References () https://security.netapp.com/advisory/ntap-20240419-0003/ - () https://security.netapp.com/advisory/ntap-20240419-0003/ -

29 Aug 2024, 20:35

Type Values Removed Values Added
CWE CWE-367
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8

19 Apr 2024, 07:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240419-0003/ -

15 Feb 2024, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-15 05:15

Updated : 2024-11-21 06:47


NVD link : CVE-2022-23084

Mitre link : CVE-2022-23084

CVE.ORG link : CVE-2022-23084


JSON object : View

Products Affected

No product.

CWE
CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition