{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-23091", "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "state": "PUBLISHED", "assignerShortName": "freebsd", "dateReserved": "2022-01-10T22:07:46.042Z", "datePublished": "2024-02-15T05:11:35.101Z", "dateUpdated": "2025-02-13T16:29:02.596Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "modules": ["vm"], "product": "FreeBSD", "vendor": "FreeBSD", "versions": [{"lessThan": "p1", "status": "affected", "version": "13.1-RELEASE", "versionType": "release"}, {"lessThan": "p12", "status": "affected", "version": "13.0-RELEASE", "versionType": "release"}, {"lessThan": "p6", "status": "affected", "version": "12.3-RELEASE", "versionType": "release"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Mark Johnston"}], "datePublic": "2022-08-09T23:00:00.000Z", "descriptions": [{"lang": "en", "value": "A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause.\n\nAn unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel."}], "providerMetadata": {"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd", "dateUpdated": "2024-04-15T15:06:18.061Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:11.vm.asc"}, {"url": "https://security.netapp.com/advisory/ntap-20240415-0008/"}], "source": {"discovery": "UNKNOWN"}, "title": "Memory disclosure by stale virtual memory mapping", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-401", "lang": "en", "description": "CWE-401 Missing Release of Memory after Effective Lifetime"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-02-15T16:28:20.765100Z", "id": "CVE-2022-23091", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-28T19:29:18.683Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:28:43.503Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:11.vm.asc"}, {"url": "https://security.netapp.com/advisory/ntap-20240415-0008/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:11.vm.asc", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240415-0008/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:28:43.503Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-23091", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-15T16:28:20.765100Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-401", "description": "CWE-401 Missing Release of Memory after Effective Lifetime"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:10.314Z"}}], "cna": {"title": "Memory disclosure by stale virtual memory mapping", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Mark Johnston"}], "affected": [{"vendor": "FreeBSD", "modules": ["vm"], "product": "FreeBSD", "versions": [{"status": "affected", "version": "13.1-RELEASE", "lessThan": "p1", "versionType": "release"}, {"status": "affected", "version": "13.0-RELEASE", "lessThan": "p12", "versionType": "release"}, {"status": "affected", "version": "12.3-RELEASE", "lessThan": "p6", "versionType": "release"}], "defaultStatus": "unknown"}], "datePublic": "2022-08-09T23:00:00.000Z", "references": [{"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:11.vm.asc", "tags": ["vendor-advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20240415-0008/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause.\n\nAn unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel."}], "providerMetadata": {"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd", "dateUpdated": "2024-04-15T15:06:18.061Z"}}}, "cveMetadata": {"cveId": "CVE-2022-23091", "state": "PUBLISHED", "dateUpdated": "2025-02-13T16:29:02.596Z", "dateReserved": "2022-01-10T22:07:46.042Z", "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "datePublished": "2024-02-15T05:11:35.101Z", "assignerShortName": "freebsd"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "matchCriteriaId": "21DD7BCE-A20E-4014-8E35-DB6EC1FB12B0", "versionEndExcluding": "12.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.3:beta1:*:*:*:*:*:*", "matchCriteriaId": "E231B24D-5CA9-4107-A819-57EE116AD644", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p1:*:*:*:*:*:*", "matchCriteriaId": "3B6DCD8A-331E-419F-9253-C4D35C1DF54B", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p2:*:*:*:*:*:*", "matchCriteriaId": "4578E06C-16C6-435E-9E51-91CB02602355", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p3:*:*:*:*:*:*", "matchCriteriaId": "71FA1F6C-7E53-40F8-B9E1-5FD28D5DAADA", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p4:*:*:*:*:*:*", "matchCriteriaId": "0EC87BCE-17F0-479B-84DC-516C24FBD396", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p5:*:*:*:*:*:*", "matchCriteriaId": "620C23ED-400C-438C-8427-94437F12EDAF", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:-:*:*:*:*:*:*", "matchCriteriaId": "174265E7-6B73-4546-B4C7-3826C7EB5624", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "7412DBD8-BB1F-48A8-AAE1-BA5C8D7BDDF7", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "833DFF5B-BC50-424A-ABCF-EC632F421B76", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "9F27016E-4117-4094-BB7A-9C56E38024D9", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta3-p1:*:*:*:*:*:*", "matchCriteriaId": "EC7326E3-908D-47A1-B848-3AA7F34B3DD3", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "B149BF69-951D-47B4-996C-9E4773DA75B7", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p1:*:*:*:*:*:*", "matchCriteriaId": "04A0E266-714C-4753-A652-A51F25582C78", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p10:*:*:*:*:*:*", "matchCriteriaId": "D133E8E0-4E88-451C-9693-5DE5C3092AD2", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p11:*:*:*:*:*:*", "matchCriteriaId": "FF1A096F-EC60-4C7D-AE40-D1DDAC9D4E40", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p2:*:*:*:*:*:*", "matchCriteriaId": "556111A1-C236-4DF6-9438-F9C874451A58", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p3:*:*:*:*:*:*", "matchCriteriaId": "1673F16B-463A-492C-B66F-48917008F7F5", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p4:*:*:*:*:*:*", "matchCriteriaId": "E73B211F-2CA9-47A4-B318-F24CC1C7E589", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p5:*:*:*:*:*:*", "matchCriteriaId": "7C13DDEF-FF5F-4723-9C25-4EA66AE2CEDD", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p6:*:*:*:*:*:*", "matchCriteriaId": "7A942EA9-0DD3-44BC-B582-C680BA34E88F", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p7:*:*:*:*:*:*", "matchCriteriaId": "689BC10B-0404-4468-B604-9D96337F9BD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p8:*:*:*:*:*:*", "matchCriteriaId": "38DDAA43-3E9C-479F-8416-E3B9BE23C31B", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p9:*:*:*:*:*:*", "matchCriteriaId": "AE490480-1EA1-4684-A643-9749E87A8448", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "FC271C93-EB83-4301-B7BA-F3249B71B1EA", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "04329338-AC28-4A74-BE6B-CE8EC6CC37B7", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "ADBA841F-5C83-4759-84B7-B59DA1B12EA8", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "6A8F38B3-A6DA-4178-A2BD-0D4F0267C384", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "9BB028A0-70F6-42DA-9E5A-F7AAF74ED45B", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc5-p1:*:*:*:*:*:*", "matchCriteriaId": "00D28E4E-022B-482E-9952-7F7F47C427C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.1:b1-p1:*:*:*:*:*:*", "matchCriteriaId": "66364EA4-83B1-4597-8C18-D5633B361A9C", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.1:b2-p2:*:*:*:*:*:*", "matchCriteriaId": "EF9292DD-EFB1-4B50-A941-7485D901489F", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.1:rc1-p1:*:*:*:*:*:*", "matchCriteriaId": "B536EE52-ED49-4A85-BC9D-A27828D5A961", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause.\n\nAn unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel."}, {"lang": "es", "value": "Un caso particular de compartir memoria se maneja mal en el sistema de memoria virtual. Esto es muy similar a SA-21:08.vm, pero con una causa ra\u00edz diferente. Un proceso de usuario local sin privilegios puede mantener un mapeo de una p\u00e1gina despu\u00e9s de que se libera, lo que permite que ese proceso lea datos privados que pertenecen a otros procesos o al kernel."}], "id": "CVE-2022-23091", "lastModified": "2025-06-04T22:09:07.247", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-02-15T06:15:45.147", "references": [{"source": "secteam@freebsd.org", "tags": ["Vendor Advisory"], "url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:11.vm.asc"}, {"source": "secteam@freebsd.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20240415-0008/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:11.vm.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20240415-0008/"}], "sourceIdentifier": "secteam@freebsd.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}