MNBSD-2022-5: netmap TOCTOU and integer overflow leading to kernel memory corruption

Severity: Unknown

Affected Package: kernel

Summary: netmap TOCTOU and integer overflow leading to kernel memory corruption

Description

Two flaws affected the netmap kernel module. In nmreq_copyin() the total size of the user-provided nmreq was computed and then trusted during the copyin, allowing a time-of-check-to-time-of-use race that could lead to kernel memory corruption and escape from jails/containers (CVE-2022-23084). Separately, an unsanitized field in an option could be abused to cause an integer overflow followed by kernel memory corruption (CVE-2022-23085). A related reference-counting bug in netmap_ioctl() for the NETMAP_REQ_PORT_INFO_GET command could also leak references.
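
The check-then-refetch pattern behind a TOCTOU of this kind, beside a single-fetch form with a wrap-safe bound, as an added user-space example that is not netmap's code. The `opt_hdr` layout, `OPT_MAX`, `sim_copyin()` and the simulated racing write are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical option header, not netmap's real layout. */
struct opt_hdr { uint32_t type; uint32_t len; };   /* len = payload bytes */
#define OPT_MAX 64u                 /* constructed per-option payload cap */
/* Simulated user memory and a deterministic stand-in for a racing thread. */
static unsigned char user_mem[sizeof(struct opt_hdr) + 256];
static int racer_armed;

static void set_user(uint32_t len, int race)
{
    struct opt_hdr h = { 1, len };
    memcpy(user_mem, &h, sizeof(h));
    racer_armed = race;
}
static void sim_copyin(const void *uaddr, void *kaddr, size_t n)
{
    memcpy(kaddr, uaddr, n);
    if (racer_armed) set_user(200, 0);   /* len rewritten after a fetch */
}
/* Double fetch: len is checked on fetch 1, then the header is read again. */
int fetch_twice(unsigned char *kbuf, size_t kcap)
{
    struct opt_hdr h;
    sim_copyin(user_mem, &h, sizeof(h));
    if (h.len > OPT_MAX || sizeof(h) + h.len > kcap) return -1;
    sim_copyin(user_mem, kbuf, sizeof(h) + h.len);   /* refetches header */
    memcpy(&h, kbuf, sizeof(h));    /* what the kernel copy now holds */
    return (int)h.len;              /* later code would trust this value */
}
/* Single fetch: snapshot once, bound without wrap, copy payload only. */
int fetch_once(unsigned char *kbuf, size_t kcap)
{
    struct opt_hdr h;
    sim_copyin(user_mem, &h, sizeof(h));
    if (kcap < sizeof(h) || h.len > OPT_MAX || h.len > kcap - sizeof(h))
        return -1;
    sim_copyin(user_mem + sizeof(h), kbuf + sizeof(h), h.len);
    memcpy(kbuf, &h, sizeof(h));    /* kernel copy keeps the checked len */
    return (int)h.len;
}
int main(void)
{
    unsigned char k[512];
    set_user(16, 1); printf("fetch_twice: %d\n", fetch_twice(k, sizeof(k)));
    set_user(16, 1); printf("fetch_once:  %d\n", fetch_once(k, sizeof(k)));
    return 0;
}
```

In `fetch_twice()` the length that passed validation is not the length left in the kernel copy; `fetch_once()` never re-reads a field it has already checked.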

Affected Versions

kernel

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2022-23084, CVE-2022-23085

Published: April 06, 2022
Last Modified: April 06, 2022