CVE-2022-23092 - Vulnerability Details

The implementation of lib9p's handling of RWALK messages was missing a bounds check needed when unpacking the message contents. The missing check means that the receipt of a specially crafted message will cause lib9p to overwrite unrelated memory. The bug can be triggered by a malicious bhyve guest kernel to overwrite memory in the bhyve(8) process. This could potentially lead to user-mode code execution on the host, subject to bhyve's Capsicum sandbox.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Freebsd	Freebsd

Configuration 1 [-]

OR	cpe:2.3:o:freebsd:freebsd:13.0:beta1::::::
	cpe:2.3:o:freebsd:freebsd:13.0:beta2::::::
	cpe:2.3:o:freebsd:freebsd:13.0:beta3::::::
	cpe:2.3:o:freebsd:freebsd:13.0:beta3-p1::::::
	cpe:2.3:o:freebsd:freebsd:13.0:beta4::::::
	cpe:2.3:o:freebsd:freebsd:13.0:p1::::::
	cpe:2.3:o:freebsd:freebsd:13.0:p10::::::
	cpe:2.3:o:freebsd:freebsd:13.0:p11::::::
	cpe:2.3:o:freebsd:freebsd:13.0:p2::::::
	cpe:2.3:o:freebsd:freebsd:13.0:p3::::::
	cpe:2.3:o:freebsd:freebsd:13.0:p4::::::
	cpe:2.3:o:freebsd:freebsd:13.0:p5::::::
	cpe:2.3:o:freebsd:freebsd:13.0:p6::::::
	cpe:2.3:o:freebsd:freebsd:13.0:p7::::::
	cpe:2.3:o:freebsd:freebsd:13.0:p8::::::
	cpe:2.3:o:freebsd:freebsd:13.0:p9::::::
	cpe:2.3:o:freebsd:freebsd:13.0:rc1::::::
	cpe:2.3:o:freebsd:freebsd:13.0:rc2::::::
	cpe:2.3:o:freebsd:freebsd:13.0:rc3::::::
	cpe:2.3:o:freebsd:freebsd:13.0:rc4::::::
	cpe:2.3:o:freebsd:freebsd:13.0:rc5::::::
	cpe:2.3:o:freebsd:freebsd:13.0:rc5-p1::::::
	cpe:2.3:o:freebsd:freebsd:13.1:b1-p1::::::
	cpe:2.3:o:freebsd:freebsd:13.1:b2-p2::::::
	cpe:2.3:o:freebsd:freebsd:13.1:rc1-p1::::::

No data.

References

Link	Providers
https://security.freebsd.org/advisories/FreeBSD-SA-22:12.lib9p.asc
https://security.netapp.com/advisory/ntap-20240415-0009/

History

Wed, 04 Jun 2025 22:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:o:freebsd:freebsd:13.0:beta1:::::: cpe:2.3:o:freebsd:freebsd:13.0:beta2:::::: cpe:2.3:o:freebsd:freebsd:13.0:beta3-p1:::::: cpe:2.3:o:freebsd:freebsd:13.0:beta3:::::: cpe:2.3:o:freebsd:freebsd:13.0:beta4:::::: cpe:2.3:o:freebsd:freebsd:13.0:p10:::::: cpe:2.3:o:freebsd:freebsd:13.0:p11:::::: cpe:2.3:o:freebsd:freebsd:13.0:p1:::::: cpe:2.3:o:freebsd:freebsd:13.0:p2:::::: cpe:2.3:o:freebsd:freebsd:13.0:p3:::::: cpe:2.3:o:freebsd:freebsd:13.0:p4:::::: cpe:2.3:o:freebsd:freebsd:13.0:p5:::::: cpe:2.3:o:freebsd:freebsd:13.0:p6:::::: cpe:2.3:o:freebsd:freebsd:13.0:p7:::::: cpe:2.3:o:freebsd:freebsd:13.0:p8:::::: cpe:2.3:o:freebsd:freebsd:13.0:p9:::::: cpe:2.3:o:freebsd:freebsd:13.0:rc1:::::: cpe:2.3:o:freebsd:freebsd:13.0:rc2:::::: cpe:2.3:o:freebsd:freebsd:13.0:rc3:::::: cpe:2.3:o:freebsd:freebsd:13.0:rc4:::::: cpe:2.3:o:freebsd:freebsd:13.0:rc5-p1:::::: cpe:2.3:o:freebsd:freebsd:13.0:rc5:::::: cpe:2.3:o:freebsd:freebsd:13.1:b1-p1:::::: cpe:2.3:o:freebsd:freebsd:13.1:b2-p2:::::: cpe:2.3:o:freebsd:freebsd:13.1:rc1-p1::::::

Thu, 13 Feb 2025 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Freebsd Freebsd freebsd
CPEs		cpe:2.3:o:freebsd:freebsd::::::::
Vendors & Products		Freebsd Freebsd freebsd
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 29 Aug 2024 21:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-787
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: freebsd

Published: 2024-02-15T05:13:50.356Z

Updated: 2025-02-13T16:29:03.221Z

Reserved: 2022-01-10T22:07:46.042Z

Link: CVE-2022-23092

Vulnrichment

Updated: 2024-08-03T03:28:43.506Z

NVD

Status : Analyzed

Published: 2024-02-15T06:15:45.190

Modified: 2025-06-04T22:09:43.293

Link: CVE-2022-23092

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object