Home > Vulnerability Database > CVE-2022-23087

Mend.io Vulnerability Database

CVE-2022-23087

Date: February 15, 2024

The e1000 network adapters permit a variety of modifications to an Ethernet packet when it is being transmitted. These include the insertion of IP and TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation offload ("TSO"). The e1000 device model uses an on-stack buffer to generate the modified packet header when simulating these modifications on transmitted packets. When checksum offload is requested for a transmitted packet, the e1000 device model used a guest-provided value to specify the checksum offset in the on-stack buffer. The offset was not validated for certain packet types. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host, possibly leading to code execution in the host context. The bhyve process runs in a Capsicum sandbox, which (depending on the FreeBSD version and bhyve configuration) limits the impact of exploiting this issue.

Language: C

Severity Score

8.8

Related Resources (4)

Url: https://security.netapp.com/advisory/ntap-20240415-0005/

Url: https://security.freebsd.org/advisories/FreeBSD-SA-22:05.bhyve.asc

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-23087

Url: https://www.mend.io/vulnerability-database/CVE-2022-23087

Severity Score

8.8

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-23087

Date: February 15, 2024

Language: C

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?