MNBSD-2022-0: Reject execve when new argc is zero

Severity: Unknown

Affected Package: kernel

Summary: Reject execve when new argc is zero

Description

Fixes a security issue with NULL argv[0] entries, similar to the recent CVE with polkit on Linux. The current POC for that does not work on MidnightBSD since we don't use glibc, but proactively prevent similar issues.

Affected Versions

kernel

Specific versions:

0.1.0
0.1.1
0.2.0
0.2.1
0.3.0
0.4.0
0.5.0
0.6.0
0.7.0
0.8.0
0.9.0
1.0.0
1.1.0
1.2.0
2.0.0
2.0.1
2.0.2
2.1.0
2.1.1
2.1.2
2.1.3

Recommendations

No specific recommendations provided.

References

https://github.com/MidnightBSD/src/commit/4348ca6320189db4db7e94d300f65d8c6f8a46ec

Additional Information

Aliases: None

Published: January 26, 2022
Last Modified: January 26, 2022