HomeFreebsdCVE-2022-23085

CVE-2022-23085

HIGH
8.2CVSS
Published: 2024-02-15
Updated: 2024-12-09
AI Analysis

Description

A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment.

CVSS Metrics

Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector
local
Complexity
low
Privileges
high
User Action
none
Scope
changed
Confidentiality
high
Integrity
high
Availability
high
Weaknesses
CWE-787CWE-120

Metadata

Primary Vendor
FREEBSD
Published
2/15/2024
Last Modified
12/9/2024
Source
NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

freebsd : freebsdfreebsd : freebsdfreebsd : freebsdfreebsd : freebsdfreebsd : freebsdfreebsd : freebsdfreebsd : freebsdfreebsd : freebsdfreebsd : freebsdfreebsd : freebsdfreebsd : freebsdfreebsd : freebsdfreebsd : freebsdfreebsd : freebsdfreebsd : freebsdfreebsd : freebsdfreebsd : freebsdfreebsd : freebsdfreebsd : freebsdfreebsd : freebsdfreebsd : freebsdfreebsd : freebsdfreebsd : freebsdfreebsd : freebsdfreebsd : freebsdfreebsd : freebsdfreebsd : freebsdfreebsd : freebsd

AI-Powered Remediation

Generate remediation guidance or a C-suite brief for this vulnerability.

Executive Intelligence Brief

View on NIST NVD
CVE-CVE-2022-23085 | HIGH Severity | CVEDatabase.com | CVEDatabase.com