MNBSD-2022-7: Heap overflow in mpr/mps/mpt CFG_PAGE ioctl handlers

Severity: Unknown

Affected Package: kernel

Summary: Heap overflow in mpr/mps/mpt CFG_PAGE ioctl handlers

Description

Handlers for the *_CFG_PAGE read/write ioctls in the mpr, mps and mpt disk-controller drivers allocated a buffer of a caller-specified size but copied a fixed-size header into it. If the specified size was too small, other heap contents would be overwritten, which a privileged user could leverage to corrupt kernel memory.

Affected Versions

kernel

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2022-23086

Published: April 06, 2022
Last Modified: April 06, 2022