Multiple vulnerabilities in FreeBSD
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2022-23092 CVE-2022-23091 CVE-2022-23090 CVE-2022-23089 |
| CWE-ID | CWE-119 CWE-264 CWE-416 CWE-125 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
FreeBSD Operating systems & Components / Operating system |
| Vendor | FreeBSD Foundation |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU66475
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-23092
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in lib9p implementation used by bhyve(8). A remote user on the guest OS can send a specially crafted message to trigger memory corruption and execute arbitrary code on the host OS.
Install updates from vendor's website.
Vulnerable software versionsFreeBSD: 13.0 RC4 - 13.1
CPE2.3- cpe:2.3:o:freebsd_foundation:freebsd:13.0:RC4:*:*:*:*:*:*
- cpe:2.3:o:freebsd_foundation:freebsd:13.0:RC5-p1:*:*:*:*:*:*
- cpe:2.3:o:freebsd_foundation:freebsd:13.0:*:*:*:*:*:*:*
http://www.freebsd.org/security/advisories/FreeBSD-SA-22:12.lib9p.asc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU66474
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-23091
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to an error in virtual mapping implementation. An local unprivileged process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel.
Install updates from vendor's website.
Vulnerable software versionsFreeBSD: 12.0 - 13.1
CPE2.3- cpe:2.3:o:freebsd_foundation:freebsd:12.0:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd_foundation:freebsd:12.1:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd_foundation:freebsd:12.2-RELEASE-p6:*:*:*:*:*:*:*
http://www.freebsd.org/security/advisories/FreeBSD-SA-22:11.vm.asc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free
EUVDB-ID: #VU66473
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-23090
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the aio(4) subsystem. The aio_aqueue function, used by the lio_listio system call, fails to release a reference to a credential in an error case. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsFreeBSD: 12.0 - 13.1
CPE2.3- cpe:2.3:o:freebsd_foundation:freebsd:12.0:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd_foundation:freebsd:12.1:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd_foundation:freebsd:12.2-RELEASE-p6:*:*:*:*:*:*:*
http://www.freebsd.org/security/advisories/FreeBSD-SA-22:10.aio.asc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU66472
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-23089
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the elf_note_prpsinfo() function in prpsinfo. A local user can trigger an out-of-bounds read error and crash the OS kernel.
MitigationInstall updates from vendor's website.
Vulnerable software versionsFreeBSD: 12.0 - 13.1
CPE2.3- cpe:2.3:o:freebsd_foundation:freebsd:12.0:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd_foundation:freebsd:12.1:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd_foundation:freebsd:12.2-RELEASE-p6:*:*:*:*:*:*:*
http://www.freebsd.org/security/advisories/FreeBSD-SA-22:09.elf.asc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
