SB2022081304 - Multiple vulnerabilities in FreeBSD

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Buffer overflow (CVE-ID: CVE-2022-23092)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in lib9p implementation used by bhyve(8). A remote user on the guest OS can send a specially crafted message to trigger memory corruption and execute arbitrary code on the host OS.

2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-23091)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to an error in virtual mapping implementation. An local unprivileged process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel.

3) Use-after-free (CVE-ID: CVE-2022-23090)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the aio(4) subsystem. The aio_aqueue function, used by the lio_listio system call, fails to release a reference to a credential in an error case. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

4) Out-of-bounds read (CVE-ID: CVE-2022-23089)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the elf_note_prpsinfo() function in prpsinfo. A local user can trigger an out-of-bounds read error and crash the OS kernel.

Remediation

Install update from vendor's website.

References

• https://www.freebsd.org/security/advisories/FreeBSD-SA-22:12.lib9p.asc
• https://www.freebsd.org/security/advisories/FreeBSD-SA-22:11.vm.asc
• https://www.freebsd.org/security/advisories/FreeBSD-SA-22:10.aio.asc
• https://www.freebsd.org/security/advisories/FreeBSD-SA-22:09.elf.asc