CVE-2022-23091

Summary

A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause.

An unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel.

Affected Software

VendorProductVersion RangeStatus
FreeBSDFreeBSD13.1-RELEASE < p1affected
FreeBSDFreeBSD13.0-RELEASE < p12affected
FreeBSDFreeBSD12.3-RELEASE < p6affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References