CVE-2022-23089

Summary

When dumping core and saving process information, proc_getargv() might return an sbuf which have a sbuf_len() of 0 or -1, which is not properly handled.

An out-of-bound read can happen when user constructs a specially crafted ps_string, which in turn can cause the kernel to crash.

Affected Software

VendorProductVersion RangeStatus
FreeBSDFreeBSD13.1-RELEASE < p1affected
FreeBSDFreeBSD13.0-RELEASE < p12affected
FreeBSDFreeBSD12.3-RELEASE < p6affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References