FKIE_CVE-2022-23085
Vulnerability from fkie_nvd - Published: 2024-02-15 05:15 - Updated: 2026-06-17 04:29
Severity
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption.
On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freebsd | freebsd | * | |
| freebsd | freebsd | 12.3 | |
| freebsd | freebsd | 12.3 | |
| freebsd | freebsd | 12.3 | |
| freebsd | freebsd | 12.3 | |
| freebsd | freebsd | 12.3 | |
| freebsd | freebsd | 13.0 | |
| freebsd | freebsd | 13.0 | |
| freebsd | freebsd | 13.0 | |
| freebsd | freebsd | 13.0 | |
| freebsd | freebsd | 13.0 | |
| freebsd | freebsd | 13.0 | |
| freebsd | freebsd | 13.0 | |
| freebsd | freebsd | 13.0 | |
| freebsd | freebsd | 13.0 | |
| freebsd | freebsd | 13.0 | |
| freebsd | freebsd | 13.0 | |
| freebsd | freebsd | 13.0 | |
| freebsd | freebsd | 13.0 | |
| freebsd | freebsd | 13.0 | |
| freebsd | freebsd | 13.0 | |
| freebsd | freebsd | 13.0 | |
| freebsd | freebsd | 13.0 | |
| freebsd | freebsd | 13.0 | |
| freebsd | freebsd | 13.0 | |
| freebsd | freebsd | 13.0 | |
| freebsd | freebsd | 13.0 | |
| freebsd | freebsd | 13.0 |
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unknown",
"modules": [
"netmap"
],
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"lessThan": "p1",
"status": "affected",
"version": "13.1-RC1",
"versionType": "release"
},
{
"lessThan": "p11",
"status": "affected",
"version": "13.0-RELEASE",
"versionType": "release"
},
{
"lessThan": "p5",
"status": "affected",
"version": "12.3-RELEASE",
"versionType": "release"
}
]
}
],
"source": "secteam@freebsd.org"
},
{
"affectedData": [
{
"cpes": [
"cpe:2.3:o:freebsd:freebsd:13.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "freebsd",
"vendor": "freebsd",
"versions": [
{
"lessThan": "13.0_p11",
"status": "affected",
"version": "13.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:freebsd:freebsd:12.3:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "freebsd",
"vendor": "freebsd",
"versions": [
{
"lessThan": "12.3_p5",
"status": "affected",
"version": "12.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:freebsd:freebsd:13.1:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "freebsd",
"vendor": "freebsd",
"versions": [
{
"lessThan": "13.1-rc-p",
"status": "affected",
"version": "13.1",
"versionType": "custom"
}
]
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4497B7F-A3CF-43BD-B7AA-9D6D83612B98",
"versionEndExcluding": "12.3",
"versionStartIncluding": "12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.3:-:*:*:*:*:*:*",
"matchCriteriaId": "224B7627-CDDE-429A-852F-8A6066B501B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p1:*:*:*:*:*:*",
"matchCriteriaId": "3B6DCD8A-331E-419F-9253-C4D35C1DF54B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p2:*:*:*:*:*:*",
"matchCriteriaId": "4578E06C-16C6-435E-9E51-91CB02602355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p3:*:*:*:*:*:*",
"matchCriteriaId": "71FA1F6C-7E53-40F8-B9E1-5FD28D5DAADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p4:*:*:*:*:*:*",
"matchCriteriaId": "0EC87BCE-17F0-479B-84DC-516C24FBD396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "174265E7-6B73-4546-B4C7-3826C7EB5624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7412DBD8-BB1F-48A8-AAE1-BA5C8D7BDDF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "833DFF5B-BC50-424A-ABCF-EC632F421B76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "9F27016E-4117-4094-BB7A-9C56E38024D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta3-p1:*:*:*:*:*:*",
"matchCriteriaId": "EC7326E3-908D-47A1-B848-3AA7F34B3DD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "B149BF69-951D-47B4-996C-9E4773DA75B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "04A0E266-714C-4753-A652-A51F25582C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "D133E8E0-4E88-451C-9693-5DE5C3092AD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "556111A1-C236-4DF6-9438-F9C874451A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "1673F16B-463A-492C-B66F-48917008F7F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "E73B211F-2CA9-47A4-B318-F24CC1C7E589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "7C13DDEF-FF5F-4723-9C25-4EA66AE2CEDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "7A942EA9-0DD3-44BC-B582-C680BA34E88F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "689BC10B-0404-4468-B604-9D96337F9BD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "38DDAA43-3E9C-479F-8416-E3B9BE23C31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "AE490480-1EA1-4684-A643-9749E87A8448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FC271C93-EB83-4301-B7BA-F3249B71B1EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "04329338-AC28-4A74-BE6B-CE8EC6CC37B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "ADBA841F-5C83-4759-84B7-B59DA1B12EA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "6A8F38B3-A6DA-4178-A2BD-0D4F0267C384",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "9BB028A0-70F6-42DA-9E5A-F7AAF74ED45B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc5-p1:*:*:*:*:*:*",
"matchCriteriaId": "00D28E4E-022B-482E-9952-7F7F47C427C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption.\n\nOn systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment."
},
{
"lang": "es",
"value": "Se pas\u00f3 una opci\u00f3n de entero proporcionada por el usuario a nmreq_copyin() sin comprobar si se desbordar\u00eda. Esta comprobaci\u00f3n de los l\u00edmites insuficiente podr\u00eda provocar da\u00f1os en la memoria del kernel. En sistemas configurados para incluir netmap en su devfs_ruleset, un proceso privilegiado que se ejecuta en una c\u00e1rcel puede afectar el entorno del host."
}
],
"id": "CVE-2022-23085",
"lastModified": "2026-06-17T04:29:28.590",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2022-23085",
"options": [
{
"exploitation": "none"
},
{
"automatable": "yes"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T18:56:15.573345Z",
"version": "2.0.3"
}
}
]
},
"published": "2024-02-15T05:15:09.110",
"references": [
{
"source": "secteam@freebsd.org",
"tags": [
"Vendor Advisory"
],
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc"
},
{
"source": "secteam@freebsd.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240322-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240322-0004/"
}
],
"sourceIdentifier": "secteam@freebsd.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…