author | Chuck Tuffli <chuck@FreeBSD.org> | 2024-09-19 15:11:30 +0000 |
---|---|---|
committer | Chuck Tuffli <chuck@FreeBSD.org> | 2024-10-06 13:50:28 +0000 |
commit | b0a24be007d83f7929de5b3fc320a29e6868067d (patch) | |
tree | 0bd225fcf2085ef60a1823da0c683db13438764b /usr.sbin/ppp/proto.h | |
parent | 7d893fce0d1126959733efec7105b56d0de7a3cb (diff) | |
The function nvme_opc_get_log_page in the file usr.sbin/bhyve/pci_nvme.c
is vulnerable to buffer over-read. The value logoff is user controlled
but never checked against the value of logsize. Thus the difference:
logsize - logoff
can underflow.
Due to the sc structure layout, an attacker can dump internal fields of
sc and the content of the next heap allocation.
Reported by: Synacktiv
Reviewed by: emaste, jhb
Security: HYP-07
Sponsored by: Alpha-Omega Project, The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46021
Diffstat (limited to 'usr.sbin/ppp/proto.h')
0 files changed, 0 insertions, 0 deletions
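The underflow described in the commit message, shown as an added example that is not code from this commit or from bhyve. It assumes the difference `logsize - logoff` is used as the upper bound on the copy length; `unchecked_len`, `read_log_slice` and the 512-byte sample page are hypothetical names and values constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Length the unchecked expression would allow: min(logsize - logoff, want).
 * Unsigned subtraction wraps when logoff > logsize, so the bound vanishes. */
static uint64_t
unchecked_len(uint64_t logsize, uint64_t logoff, uint64_t want)
{
	uint64_t avail = logsize - logoff;

	return (avail < want ? avail : want);
}

/* Checked copy of a log page slice (hypothetical helper, constructed here).
 * Returns bytes copied, or -1 when the guest offset is outside the page. */
static int64_t
read_log_slice(const uint8_t *log, uint64_t logsize, uint64_t logoff,
    uint8_t *dst, uint64_t want)
{
	uint64_t avail;

	if (logoff >= logsize)		/* reject before subtracting */
		return (-1);
	avail = logsize - logoff;	/* cannot wrap now */
	if (want > avail)
		want = avail;
	memcpy(dst, log + logoff, (size_t)want);
	return ((int64_t)want);
}

int
main(void)
{
	uint8_t log[512] = { 0 }, out[4096];	/* constructed sample page */

	printf("unchecked, logoff=513: %llu bytes allowed\n",
	    (unsigned long long)unchecked_len(sizeof(log), 513, sizeof(out)));
	printf("checked,   logoff=513: %lld\n",
	    (long long)read_log_slice(log, sizeof(log), 513, out, sizeof(out)));
	printf("checked,   logoff=500: %lld\n",
	    (long long)read_log_slice(log, sizeof(log), 500, out, sizeof(out)));
	return (0);
}
```

With the offset one byte past the page, the unchecked bound permits the full 4096-byte request even though no log data remains, while the checked helper rejects the request before any subtraction happens.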