8.8

CVE-2022-23092

The implementation of lib9p's handling of RWALK messages was missing a bounds check needed when unpacking the message contents.  The missing check means that the receipt of a specially crafted message will cause lib9p to overwrite unrelated memory.

The bug can be triggered by a malicious bhyve guest kernel to overwrite memory in the bhyve(8) process.  This could potentially lead to user-mode code execution on the host, subject to bhyve's Capsicum sandbox.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users.
Data is provided by the National Vulnerability Database (NVD)
FreebsdFreebsd Version13.0 Updatebeta1
FreebsdFreebsd Version13.0 Updatebeta2
FreebsdFreebsd Version13.0 Updatebeta3
FreebsdFreebsd Version13.0 Updatebeta3-p1
FreebsdFreebsd Version13.0 Updatebeta4
FreebsdFreebsd Version13.0 Updatep1
FreebsdFreebsd Version13.0 Updatep10
FreebsdFreebsd Version13.0 Updatep11
FreebsdFreebsd Version13.0 Updatep2
FreebsdFreebsd Version13.0 Updatep3
FreebsdFreebsd Version13.0 Updatep4
FreebsdFreebsd Version13.0 Updatep5
FreebsdFreebsd Version13.0 Updatep6
FreebsdFreebsd Version13.0 Updatep7
FreebsdFreebsd Version13.0 Updatep8
FreebsdFreebsd Version13.0 Updatep9
FreebsdFreebsd Version13.0 Updaterc1
FreebsdFreebsd Version13.0 Updaterc2
FreebsdFreebsd Version13.0 Updaterc3
FreebsdFreebsd Version13.0 Updaterc4
FreebsdFreebsd Version13.0 Updaterc5
FreebsdFreebsd Version13.0 Updaterc5-p1
FreebsdFreebsd Version13.1 Updateb1-p1
FreebsdFreebsd Version13.1 Updateb2-p2
FreebsdFreebsd Version13.1 Updaterc1-p1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.4% 0.599
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.