CVE-2022-23085 Information

Description

A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption.

On systems configured to include netmap in their devfs_ruleset a privileged process running in a jail can affect the host environment.

Reference

https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc