The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption.
On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment.
The product checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Freebsd | Freebsd | 12.0 (including) | 12.3 (excluding) |
Freebsd | Freebsd | 12.3 (including) | 12.3 (including) |
Freebsd | Freebsd | 12.3-p1 (including) | 12.3-p1 (including) |
Freebsd | Freebsd | 12.3-p2 (including) | 12.3-p2 (including) |
Freebsd | Freebsd | 12.3-p3 (including) | 12.3-p3 (including) |
Freebsd | Freebsd | 12.3-p4 (including) | 12.3-p4 (including) |
Freebsd | Freebsd | 13.0 (including) | 13.0 (including) |
Freebsd | Freebsd | 13.0-beta1 (including) | 13.0-beta1 (including) |
Freebsd | Freebsd | 13.0-beta2 (including) | 13.0-beta2 (including) |
Freebsd | Freebsd | 13.0-beta3 (including) | 13.0-beta3 (including) |
Freebsd | Freebsd | 13.0-beta3-p1 (including) | 13.0-beta3-p1 (including) |
Freebsd | Freebsd | 13.0-beta4 (including) | 13.0-beta4 (including) |
Freebsd | Freebsd | 13.0-p1 (including) | 13.0-p1 (including) |
Freebsd | Freebsd | 13.0-p10 (including) | 13.0-p10 (including) |
Freebsd | Freebsd | 13.0-p2 (including) | 13.0-p2 (including) |
Freebsd | Freebsd | 13.0-p3 (including) | 13.0-p3 (including) |
Freebsd | Freebsd | 13.0-p4 (including) | 13.0-p4 (including) |
Freebsd | Freebsd | 13.0-p5 (including) | 13.0-p5 (including) |
Freebsd | Freebsd | 13.0-p6 (including) | 13.0-p6 (including) |
Freebsd | Freebsd | 13.0-p7 (including) | 13.0-p7 (including) |
Freebsd | Freebsd | 13.0-p8 (including) | 13.0-p8 (including) |
Freebsd | Freebsd | 13.0-p9 (including) | 13.0-p9 (including) |
Freebsd | Freebsd | 13.0-rc1 (including) | 13.0-rc1 (including) |
Freebsd | Freebsd | 13.0-rc2 (including) | 13.0-rc2 (including) |
Freebsd | Freebsd | 13.0-rc3 (including) | 13.0-rc3 (including) |
Freebsd | Freebsd | 13.0-rc4 (including) | 13.0-rc4 (including) |
Freebsd | Freebsd | 13.0-rc5 (including) | 13.0-rc5 (including) |
Freebsd | Freebsd | 13.0-rc5-p1 (including) | 13.0-rc5-p1 (including) |