Severity: Unknown
Affected Package: kernel
Summary: netmap TOCTOU and integer overflow leading to kernel memory corruption
Two flaws affected the netmap kernel module. In nmreq_copyin() the total size of the user-provided nmreq was computed and then trusted during the copyin, allowing a time-of-check-to-time-of-use race that could lead to kernel memory corruption and escape from jails/containers (CVE-2022-23084). Separately, an unsanitized field in an option could be abused to cause an integer overflow followed by kernel memory corruption (CVE-2022-23085). A related reference-counting bug in netmap_ioctl() for the NETMAP_REQ_PORT_INFO_GET command could also leak references.
No specific recommendations provided.
Aliases: CVE-2022-23084, CVE-2022-23085
Published: April 06, 2022
Last Modified: April 06, 2022
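
Added example, not netmap source and not part of the advisory: a user-space C model of the two bug classes named in the summary, a length checked on one read of caller-controlled memory and trusted on a second read, and a 32-bit size sum that wraps. The struct, function names, sizes and the simulated racing writer are all assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified user-space model, NOT netmap source; every name here is hypothetical. */
struct opt_hdr { uint32_t len; };      /* caller-supplied payload length */

static unsigned char user_mem[16];     /* stands in for caller-controlled memory */
static int fetches, flip_at;           /* simulated racing writer fires on fetch #flip_at */
static uint32_t flip_len;

/* copyin() stand-in: each call re-reads memory the caller can still modify. */
static void fetch(void *dst, size_t n) {
    if (++fetches == flip_at) memcpy(user_mem, &flip_len, sizeof flip_len);
    memcpy(dst, user_mem, n);
}

/* Constructed scenario: header starts as `len`, becomes `raced` on fetch #race_at. */
static void stage(uint32_t len, int race_at, uint32_t raced) {
    memcpy(user_mem, &len, sizeof len);
    fetches = 0; flip_at = race_at; flip_len = raced;
}

/* Flawed pattern: size is checked on one fetch, then the header is fetched again
 * and its length trusted. Returns bytes a copy would write, or -1 if rejected. */
static int64_t size_double_fetch(uint32_t cap) {
    struct opt_hdr h;
    fetch(&h, sizeof h);                              /* time of check */
    uint32_t total = (uint32_t)sizeof h + h.len;      /* 32-bit sum can wrap */
    if (total > cap) return -1;
    fetch(&h, sizeof h);                              /* time of use */
    return (int64_t)sizeof h + h.len;
}

/* Hardened pattern: one snapshot, subtraction-based bound check, snapshot reused. */
static int64_t size_single_fetch(uint32_t cap) {
    struct opt_hdr h;
    fetch(&h, sizeof h);
    if (cap < sizeof h || h.len > cap - sizeof h) return -1;
    return (int64_t)sizeof h + h.len;
}

int main(void) {
    stage(8, 2, 4096);        printf("race, flawed:       %lld\n", (long long)size_double_fetch(32));
    stage(8, 2, 4096);        printf("race, hardened:     %lld\n", (long long)size_single_fetch(32));
    stage(0xFFFFFFFEu, 0, 0); printf("overflow, flawed:   %lld\n", (long long)size_double_fetch(32));
    stage(0xFFFFFFFEu, 0, 0); printf("overflow, hardened: %lld\n", (long long)size_single_fetch(32));
    return 0;
}
```

The functions return the size a copy would use rather than performing the copy, so the flawed path can be observed exceeding the 32-byte capacity without corrupting memory.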