VYPR
Unrated severityNVD Advisory· Published Feb 15, 2024· Updated Feb 13, 2025

mpr/mps/mpt driver ioctl heap out-of-bounds write

CVE-2022-23086

Description

Handlers for *_CFG_PAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header. Other heap content would be overwritten if the specified size was too small.

Users with access to the mpr, mps or mpt device node may overwrite heap data, potentially resulting in privilege escalation. Note that the device node is only accessible to root and members of the operator group.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • FreeBSD/FreeBSDllm-fuzzy2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: 13.1-RC1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.