Home > Vulnerability Database > CVE-2022-23086

Mend.io Vulnerability Database

CVE-2022-23086

Good to know:

Date: February 15, 2024

Handlers for *_CFG_PAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header. Other heap content would be overwritten if the specified size was too small. Users with access to the mpr, mps or mpt device node may overwrite heap data, potentially resulting in privilege escalation. Note that the device node is only accessible to root and members of the operator group.

Language: C

Severity Score

6.7

Related Resources (4)

Url: https://security.freebsd.org/advisories/FreeBSD-SA-22:06.ioctl.asc

Url: https://security.netapp.com/advisory/ntap-20240419-0002/

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-23086

Url: https://www.mend.io/vulnerability-database/CVE-2022-23086

Severity Score

6.7

Top Fix

Upgrade Version

Upgrade to version release/12.4.0,release/13.1.0

Learn More

CVSS v3.1

Base Score:	6.7
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-23086

Good to know:

Date: February 15, 2024

Language: C

Severity Score

Related Resources (4)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?