PT-2019-17781 · FreeBSD · FreeBSD
Mark Johnston
Published: 2019-08-20
Updated: 2023-01-31
CVE-2019-5612
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
FreeBSD versions prior to 12.0-RELEASE-p10
FreeBSD versions prior to 11.3-RELEASE-p3
FreeBSD versions prior to 11.2-RELEASE-p14
Description
The issue arises from a read handler in the kernel driver for /dev/midistat that is not thread-safe. This allows a multi-threaded program to exploit races in the handler, potentially copying out kernel memory outside the boundaries of midistat's data buffer.
Recommendations
For versions prior to 12.0-RELEASE-p10, update to 12.0-RELEASE-p10 or later.
For versions prior to 11.3-RELEASE-p3, update to 11.3-RELEASE-p3 or later.
For versions prior to 11.2-RELEASE-p14, update to 11.2-RELEASE-p14 or later.
Fix
Race Condition
Weakness Enumeration
Related Identifiers
Affected Products
FreeBSD