FreeBSD: VID-703c4761-b61d-11ec-9ebc-1c697aa5a594 (CVE-2022-23086): FreeBSD -- mpr/mps/mpt driver ioctl heap out-of-bounds write
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:S/C:C/I:C/A:C) | Apr 7, 2022 | Nov 4, 2022 | Dec 10, 2025 |
Description
Problem Description: Handlers for *_CFG_PAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header. Other heap content would be overwritten if the specified size was too small.

Impact: Users with access to the mpr, mps or mpt device node may overwrite heap data, potentially resulting in privilege escalation. Note that the device node is only accessible to root and members of the operator group.
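The bug class described above, as an added userspace model beside a checked version; this is not the FreeBSD driver source, and the struct and function names are hypothetical stand-ins for the config page header and the ioctl request.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the fixed-size config page header. */
struct cfg_page_hdr {
    uint8_t page_version;
    uint8_t page_length;
    uint8_t page_number;
    uint8_t page_type;
};

/* Hypothetical stand-in for the request the caller passes to the ioctl. */
struct cfg_page_req {
    struct cfg_page_hdr header;
    uint32_t len;               /* caller-specified buffer size */
};

/* Flawed pattern from the description: the allocation is sized by the
 * caller, the copy by the header. Shown for comparison; never called. */
int read_cfg_page_flawed(const struct cfg_page_req *req, void **out)
{
    void *buf = malloc(req->len);
    if (buf == NULL)
        return ENOMEM;
    /* Writes past the end of buf whenever len < sizeof(header). */
    memcpy(buf, &req->header, sizeof(req->header));
    *out = buf;
    return 0;
}

/* Checked pattern: refuse any size that cannot hold the header. */
int read_cfg_page_checked(const struct cfg_page_req *req, void **out)
{
    if (req->len < sizeof(req->header))
        return EINVAL;
    void *buf = malloc(req->len);
    if (buf == NULL)
        return ENOMEM;
    memcpy(buf, &req->header, sizeof(req->header));
    *out = buf;
    return 0;
}
```

The length check has to run before the allocation, so a short request is rejected without any heap state changing.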
Solutions
- freebsd-upgrade-base-13_0-release-p11
- freebsd-upgrade-base-12_3-release-p5