Time-of-check to time-of-use bug in nmreq_copyin() leading to kernel memory corruption and potential host environment compromise

Time-of-check to time-of-use bug in nmreq_copyin() leading to kernel memory corruption and potential host environment compromise

CVE-2022-23084 · Severity

The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment.

Learn more about our User Device Pen Test.