FKIE_CVE-2022-23089

Vulnerability from fkie_nvd - Published: 2024-02-15 05:15 - Updated: 2025-06-04 21:11
Summary
When dumping core and saving process information, proc_getargv() might return an sbuf which has a sbuf_len() of 0 or -1, which is not properly handled. An out-of-bounds read can happen when a user constructs a specially crafted ps_string, which in turn can cause the kernel to crash.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "21DD7BCE-A20E-4014-8E35-DB6EC1FB12B0",
              "versionEndExcluding": "12.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4ACD421D-AD3D-484B-9E8C-3FA32262B885",
              "versionEndExcluding": "13.0",
              "versionStartIncluding": "12.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.3:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "E231B24D-5CA9-4107-A819-57EE116AD644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "3B6DCD8A-331E-419F-9253-C4D35C1DF54B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4578E06C-16C6-435E-9E51-91CB02602355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p3:*:*:*:*:*:*",
              "matchCriteriaId": "71FA1F6C-7E53-40F8-B9E1-5FD28D5DAADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0EC87BCE-17F0-479B-84DC-516C24FBD396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p5:*:*:*:*:*:*",
              "matchCriteriaId": "620C23ED-400C-438C-8427-94437F12EDAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "7412DBD8-BB1F-48A8-AAE1-BA5C8D7BDDF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "833DFF5B-BC50-424A-ABCF-EC632F421B76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "9F27016E-4117-4094-BB7A-9C56E38024D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta3-p1:*:*:*:*:*:*",
              "matchCriteriaId": "EC7326E3-908D-47A1-B848-3AA7F34B3DD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "B149BF69-951D-47B4-996C-9E4773DA75B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p1:*:*:*:*:*:*",
              "matchCriteriaId": "04A0E266-714C-4753-A652-A51F25582C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p10:*:*:*:*:*:*",
              "matchCriteriaId": "D133E8E0-4E88-451C-9693-5DE5C3092AD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p11:*:*:*:*:*:*",
              "matchCriteriaId": "FF1A096F-EC60-4C7D-AE40-D1DDAC9D4E40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p2:*:*:*:*:*:*",
              "matchCriteriaId": "556111A1-C236-4DF6-9438-F9C874451A58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p3:*:*:*:*:*:*",
              "matchCriteriaId": "1673F16B-463A-492C-B66F-48917008F7F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p4:*:*:*:*:*:*",
              "matchCriteriaId": "E73B211F-2CA9-47A4-B318-F24CC1C7E589",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p5:*:*:*:*:*:*",
              "matchCriteriaId": "7C13DDEF-FF5F-4723-9C25-4EA66AE2CEDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p6:*:*:*:*:*:*",
              "matchCriteriaId": "7A942EA9-0DD3-44BC-B582-C680BA34E88F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p7:*:*:*:*:*:*",
              "matchCriteriaId": "689BC10B-0404-4468-B604-9D96337F9BD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p8:*:*:*:*:*:*",
              "matchCriteriaId": "38DDAA43-3E9C-479F-8416-E3B9BE23C31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p9:*:*:*:*:*:*",
              "matchCriteriaId": "AE490480-1EA1-4684-A643-9749E87A8448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FC271C93-EB83-4301-B7BA-F3249B71B1EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "04329338-AC28-4A74-BE6B-CE8EC6CC37B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "ADBA841F-5C83-4759-84B7-B59DA1B12EA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "6A8F38B3-A6DA-4178-A2BD-0D4F0267C384",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "9BB028A0-70F6-42DA-9E5A-F7AAF74ED45B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc5-p1:*:*:*:*:*:*",
              "matchCriteriaId": "00D28E4E-022B-482E-9952-7F7F47C427C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.1:b1-p1:*:*:*:*:*:*",
              "matchCriteriaId": "66364EA4-83B1-4597-8C18-D5633B361A9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.1:b2-p2:*:*:*:*:*:*",
              "matchCriteriaId": "EF9292DD-EFB1-4B50-A941-7485D901489F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.1:rc1-p1:*:*:*:*:*:*",
              "matchCriteriaId": "B536EE52-ED49-4A85-BC9D-A27828D5A961",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "When dumping core and saving process information, proc_getargv() might return an sbuf which have a sbuf_len() of 0 or -1, which is not properly handled.\n\nAn out-of-bound read can happen when user constructs a specially crafted ps_string, which in turn can cause the kernel to crash."
    },
    {
      "lang": "es",
      "value": "Al volcar el n\u00facleo y guardar la informaci\u00f3n del proceso, proc_getargv() puede devolver un sbuf que tiene un sbuf_len() de 0 o -1, que no se maneja adecuadamente. Puede ocurrir una lectura fuera de los l\u00edmites cuando el usuario construye un ps_string especialmente manipulado, lo que a su vez puede provocar que el kernel falle."
    }
  ],
  "id": "CVE-2022-23089",
  "lastModified": "2025-06-04T21:11:31.653",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 4.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-02-15T05:15:09.620",
  "references": [
    {
      "source": "secteam@freebsd.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:09.elf.asc"
    },
    {
      "source": "secteam@freebsd.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20240415-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:09.elf.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20240415-0006/"
    }
  ],
  "sourceIdentifier": "secteam@freebsd.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

