CVE-2022-23086: Heap Overflow via _CFG_PAGE IOCTL in Linux mpr/mps/mpt Drivers
CVE-2022-23086 Published on February 15, 2024
mpr/mps/mpt driver ioctl heap out-of-bounds write
Handlers for *_CFG_PAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header. Other heap content would be overwritten if the specified size was too small.
Users with access to the mpr, mps or mpt device node may overwrite heap data, potentially resulting in privilege escalation. Note that the device node is only accessible to root and members of the operator group.
Vulnerability Analysis
CVE-2022-23086 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Weakness Type
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Products Associated with CVE-2022-23086
Want to know whenever a new CVE is published for FreeBSD? stack.watch will email you.
Affected Versions
FreeBSD:- Version 13.1-RC1 and below p1 is affected.
- Version 13.0-RELEASE and below p11 is affected.
- Version 12.3-RELEASE and below p5 is affected.
- Version 13.1-rc1 and below 13.1_p1 is affected.
- Version 13.0 and below 13.0_p11 is affected.
- Version 12.3 and below 12.0_p5 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.