CVE-2022-23092
HIGH
FreeBSD - Out-of-bounds Write in lib9p RWALK Message Handling
Title source: llm
Description
The implementation of lib9p's handling of RWALK messages was missing a bounds check needed when unpacking the message contents. The missing check means that the receipt of a specially crafted message will cause lib9p to overwrite unrelated memory. The bug can be triggered by a malicious bhyve guest kernel to overwrite memory in the bhyve(8) process. This could potentially lead to user-mode code execution on the host, subject to bhyve's Capsicum sandbox.
References (2)
Core References
Vendor Advisory: https://security.freebsd.org/advisories/FreeBSD-SA-22:12.lib9p.asc
Third Party Advisory: https://security.netapp.com/advisory/ntap-20240415-0009/
Scores
CVSS v3: 8.8
EPSS: 0.0040
EPSS Percentile: 60.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-787
Status: published
Products (2)
freebsd/freebsd: 13.0 beta1 (22 CPE variants)
freebsd/freebsd: 13.1 b1-p1 (3 CPE variants)
Published: Feb 15, 2024
Tracked Since: Feb 18, 2026