PT-2014-5572 · Freebsd · Freebsd

Published 2014-06-10 · Updated 2014-06-21 · CVE-2014-3880

CVSS v2.0: 4.9 Medium
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

FreeBSD kernel versions prior to 8.4 p11
FreeBSD kernel versions prior to 9.1 p14
FreeBSD kernel versions prior to 9.2 p7
FreeBSD kernel versions prior to 10.0 p4

Description

The issue allows local users to cause a denial of service, resulting in a system reboot, by triggering an invalid page table pointer dereference via a crafted system call. This occurs because the execve and fexecve system calls destroy the virtual memory address space and mappings for a process before all threads have terminated.

Recommendations

For FreeBSD kernel version 8.4, update to at least p11 to resolve the issue.
For FreeBSD kernel version 9.1, update to at least p14 to resolve the issue.
For FreeBSD kernel version 9.2, update to at least p7 to resolve the issue.
For FreeBSD kernel version 10.0, update to at least p4 to resolve the issue.
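
The patch levels above can be checked against a host's kernel release string with a small script. This is an added example, not part of the original advisory; the function name and the sample release strings are constructed, and it assumes input in the `uname -r` form (for example `9.2-RELEASE-p6`).

```shell
#!/bin/sh
# Added example: classify a FreeBSD kernel release string against the
# minimum patch levels this advisory lists for CVE-2014-3880.
# check_cve_2014_3880 is a hypothetical helper name, not a FreeBSD tool.

# Prints "vulnerable", "patched" or "unknown" for a uname -r style string.
check_cve_2014_3880() {
    rel=$1
    case $rel in
        *-RELEASE)                      # no -pN suffix means patch level 0
            branch=${rel%-RELEASE}; plevel=0 ;;
        *-RELEASE-p*)
            branch=${rel%%-RELEASE-p*}; plevel=${rel##*-RELEASE-p} ;;
        *)                              # STABLE, CURRENT, custom builds:
            echo unknown; return 0 ;;   # the advisory gives no threshold
    esac
    case $plevel in                     # reject a non-numeric patch level
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    case $branch in                     # fixed patch level per listed branch
        8.4)  fixed=11 ;;
        9.1)  fixed=14 ;;
        9.2)  fixed=7 ;;
        10.0) fixed=4 ;;
        *)    echo unknown; return 0 ;; # branch not listed in the advisory
    esac
    if [ "$plevel" -lt "$fixed" ]; then echo vulnerable; else echo patched; fi
}

# Constructed sample release strings, followed by the running kernel.
for r in 8.4-RELEASE-p10 9.1-RELEASE-p14 9.2-RELEASE-p6 10.0-RELEASE \
         9.2-STABLE "$(uname -r)"; do
    printf '%-20s %s\n' "$r" "$(check_cve_2014_3880 "$r")"
done
```

`uname -r` reports the running kernel, so a host that has installed the update but not yet rebooted still shows the old patch level.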

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2014-3880
DSA-2952-1

Affected Products

Freebsd