The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption.
On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment.
References
Configurations
No configuration.
History
29 Aug 2024, 20:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-367 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
19 Apr 2024, 07:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Feb 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-15 05:15
Updated : 2024-08-29 20:35
NVD link : CVE-2022-23084
Mitre link : CVE-2022-23084
CVE.ORG link : CVE-2022-23084
JSON object : View
Products Affected
No product.
CWE
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition