CVE-2022-23086: mpr/mps/mpt driver ioctl heap out-of-bounds write
First published: Thu Feb 15 2024(Updated: )
Handlers for *_CFG_PAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header. Other heap content would be overwritten if the specified size was too small. Users with access to the mpr, mps or mpt device node may overwrite heap data, potentially resulting in privilege escalation. Note that the device node is only accessible to root and members of the operator group.
Credit: secteam@freebsd.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FreeBSD Kernel | >=12.0<12.3 | |
| FreeBSD Kernel | =12.3 | |
| FreeBSD Kernel | =12.3-p1 | |
| FreeBSD Kernel | =12.3-p2 | |
| FreeBSD Kernel | =12.3-p3 | |
| FreeBSD Kernel | =12.3-p4 | |
| FreeBSD Kernel | =13.0 | |
| FreeBSD Kernel | =13.0-beta1 | |
| FreeBSD Kernel | =13.0-beta2 | |
| FreeBSD Kernel | =13.0-beta3 | |
| FreeBSD Kernel | =13.0-beta3-p1 | |
| FreeBSD Kernel | =13.0-beta4 | |
| FreeBSD Kernel | =13.0-p1 | |
| FreeBSD Kernel | =13.0-p10 | |
| FreeBSD Kernel | =13.0-p2 | |
| FreeBSD Kernel | =13.0-p3 | |
| FreeBSD Kernel | =13.0-p4 | |
| FreeBSD Kernel | =13.0-p5 | |
| FreeBSD Kernel | =13.0-p6 | |
| FreeBSD Kernel | =13.0-p7 | |
| FreeBSD Kernel | =13.0-p8 | |
| FreeBSD Kernel | =13.0-p9 | |
| FreeBSD Kernel | =13.0-rc1 | |
| FreeBSD Kernel | =13.0-rc2 | |
| FreeBSD Kernel | =13.0-rc3 | |
| FreeBSD Kernel | =13.0-rc4 | |
| FreeBSD Kernel | =13.0-rc5 | |
| FreeBSD Kernel | =13.0-rc5-p1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-23086?
CVE-2022-23086 is classified as a medium severity vulnerability due to the potential for denial of service through heap memory corruption.
How do I fix CVE-2022-23086?
To mitigate CVE-2022-23086, users should update to the latest version of FreeBSD which addresses the vulnerability.
What components are affected by CVE-2022-23086?
CVE-2022-23086 affects the mpr, mps, and mpt drivers in FreeBSD.
Who is affected by CVE-2022-23086?
Any user with access to the mpr, mps, or mpt drivers in the specified FreeBSD versions is affected by CVE-2022-23086.
Is CVE-2022-23086 exploitable remotely?
CVE-2022-23086 may not be directly exploitable remotely but it can lead to local system stability issues.
- agent/title
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/softwarecombine
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/freebsd
- canonical/freebsd kernel
- version/freebsd kernel/12.0
- version/freebsd kernel/12.3
- version/freebsd kernel/12.3-p1
- version/freebsd kernel/12.3-p2
- version/freebsd kernel/12.3-p3
- version/freebsd kernel/12.3-p4
- version/freebsd kernel/13.0
- version/freebsd kernel/13.0-beta1
- version/freebsd kernel/13.0-beta2
- version/freebsd kernel/13.0-beta3
- version/freebsd kernel/13.0-beta3-p1
- version/freebsd kernel/13.0-beta4
- version/freebsd kernel/13.0-p1
- version/freebsd kernel/13.0-p10
- version/freebsd kernel/13.0-p2
- version/freebsd kernel/13.0-p3
- version/freebsd kernel/13.0-p4
- version/freebsd kernel/13.0-p5
- version/freebsd kernel/13.0-p6
- version/freebsd kernel/13.0-p7
- version/freebsd kernel/13.0-p8
- version/freebsd kernel/13.0-p9
- version/freebsd kernel/13.0-rc1
- version/freebsd kernel/13.0-rc2
- version/freebsd kernel/13.0-rc3
- version/freebsd kernel/13.0-rc4
- version/freebsd kernel/13.0-rc5
- version/freebsd kernel/13.0-rc5-p1