Buffer Overflow Vulnerability in e1000 Network Adapters Could Lead to Code Execution
CVE-2022-23087

8.8 HIGH

Key Information:

Vendor

FreeBSD

Status
Vendor
CVE Published:
15 February 2024

What is CVE-2022-23087?

The e1000 network adapters are designed to allow various modifications to Ethernet packets during transmission, including inserting IP and TCP checksums, inserting Ethernet VLAN headers, and performing TCP segmentation offload (TSO). The e1000 device model in bhyve builds the modified packet headers in an on-stack buffer using a guest-provided checksum offset, and for certain packet types this offset is not validated. A misbehaving bhyve guest can therefore overwrite memory within the bhyve process running on the host. The bhyve process runs inside a Capsicum sandbox, which may limit the scope of exploitation depending on the FreeBSD version and configuration, but the flaw still poses a serious risk to host security and integrity.
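As an added illustration, not bhyve's own code, the following hypothetical header-construction routine shows the check the advisory describes as missing: the guest-supplied checksum offset is validated against the copied header length and the on-stack scratch buffer before the checksum is written. HDR_BUF_LEN, cso_in_bounds and insert_checksum are assumed names.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical model of the pattern in the advisory: a fixed-size on-stack
 * header buffer and a guest-controlled checksum offset (cso). */
#define HDR_BUF_LEN 128

/* Return true when a 16-bit checksum written at byte offset 'cso' lies
 * entirely inside a header of 'hdrlen' bytes that fits the scratch buffer. */
bool cso_in_bounds(size_t hdrlen, uint16_t cso)
{
    if (hdrlen > HDR_BUF_LEN)
        return false;
    /* The checksum occupies bytes cso and cso + 1. */
    return (size_t)cso + sizeof(uint16_t) <= hdrlen;
}

/* Copy the first 'hdrlen' bytes of 'pkt' into an on-stack buffer, insert the
 * checksum at the guest-supplied offset, and emit the result into 'out'.
 * Returns 0 on success and -1 when any guest-controlled length or offset is
 * rejected. Without the cso_in_bounds() check, a large 'cso' would write past
 * the end of 'hdr' on the stack, which is the bug class the advisory covers. */
int insert_checksum(const uint8_t *pkt, size_t pktlen, size_t hdrlen,
                    uint16_t cso, uint16_t csum, uint8_t *out, size_t outlen)
{
    uint8_t hdr[HDR_BUF_LEN];   /* on-stack scratch buffer */

    if (hdrlen > pktlen || hdrlen > sizeof(hdr) || outlen < hdrlen)
        return -1;
    if (!cso_in_bounds(hdrlen, cso))   /* the validation that was missing */
        return -1;

    memcpy(hdr, pkt, hdrlen);
    hdr[cso]     = (uint8_t)(csum >> 8);    /* network byte order */
    hdr[cso + 1] = (uint8_t)(csum & 0xff);
    memcpy(out, hdr, hdrlen);
    return 0;
}
```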

Affected Version(s)

FreeBSD 13.1-RC1

FreeBSD 13.0-RELEASE

FreeBSD 12.3-RELEASE

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mehdi Talbi, Synacktiv.