漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Multiple vulnerabilities in the sound(4) mmap path
Vulnerability Description
dsp_mmap_single() validated the requested mapping by checking the sum of the user-supplied offset and length against the buffer size. This addition could overflow, so that a large offset and length wrapped around and passed the check. The offset was then narrowed from 64 to 32 bits when converted to a buffer address, yielding a mapping that extended past the audio buffer into unrelated kernel memory. The /dev/dsp device nodes are world-accessible by default. On a system with an audio device, either issue allows an unprivileged local user to read and write kernel memory, which can be used to escalate privileges, potentially gaining full control of the affected system. At a minimum, an attacker can crash the kernel, resulting in a Denial of Service (DoS).
CVSS Information
N/A
Vulnerability Type
跨界内存读
Vulnerability Title
FreeBSD 缓冲区错误漏洞
Vulnerability Description
FreeBSD是FreeBSD基金会开源的一套类Unix操作系统。 FreeBSD存在安全漏洞,该漏洞源于dsp_mmap_single()函数在验证映射请求时,检查用户提供的偏移量和长度之和与缓冲区大小,但加法运算可能溢出,导致大偏移量和长度通过检查,偏移量从64位缩小到32位后产生越界映射,可能导致未授权本地用户读写内核内存,进而权限提升或内核崩溃造成拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A