Vulnerabilities > CVE-2022-23086 - Out-of-bounds Write vulnerability in Freebsd

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

freebsd

CWE-787

NVD

Published: 2024-02-15

Updated: 2024-12-09

Summary

Handlers for *_CFG_PAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header. Other heap content would be overwritten if the specified size was too small. Users with access to the mpr, mps or mpt device node may overwrite heap data, potentially resulting in privilege escalation. Note that the device node is only accessible to root and members of the operator group.

Vulnerable Configurations

Part	Description	Count
OS	Freebsd Freebsd Freebsd 13.0 Freebsd Freebsd 12.3 Freebsd Freebsd 12.0 Freebsd Freebsd 12.1 Freebsd Freebsd 12.2	67

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References