Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-23087

Published: 15/02/2024 Updated: 15/02/2024

Vulnerability Summary

The e1000 network adapters permit a variety of modifications to an Ethernet packet when it is being transmitted. These include the insertion of IP and TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation offload ("TSO"). The e1000 device model uses an on-stack buffer to generate the modified packet header when simulating these modifications on transmitted packets. When checksum offload is requested for a transmitted packet, the e1000 device model used a guest-provided value to specify the checksum offset in the on-stack buffer. The offset was not validated for certain packet types. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host, possibly leading to code execution in the host context. The bhyve process runs in a Capsicum sandbox, which (depending on the FreeBSD version and bhyve configuration) limits the impact of exploiting this issue.

Vulnerability Trend

Github Repositories

https://github.com/StonerJoe420/StonerJoe.io

bhyve Exploit code for CVE-2022-23087

https://github.com/synacktiv/bhyve

bhyve Exploit code for CVE-2022-23087

References

https://security.freebsd.org/advisories/FreeBSD-SA-22:05.bhyve.aschttps://nvd.nist.govhttps://github.com/StonerJoe420/StonerJoe.io
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook