FreeBSD · FreeBSD · CVE-2022-23090
**Name of the Vulnerable Software and Affected Versions**
FreeBSD versions 11.0 through 13.0
**Description**
The issue is related to the `aio_aqueue` function used by the `lio_listio` system call, which fails to release a reference to a credential in an error case. This can lead to a reference count overflow, resulting in a use-after-free (UAF) condition. An attacker may exploit this to execute arbitrary code. The estimated number of potentially affected devices is not specified.
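The bug class described above, shown as a toy model added here for illustration (not FreeBSD kernel code): `struct cred`, `queue_leaky`, `queue_fixed`, `owner_ref_lost` and the 8-bit counter are assumptions, chosen so that the wraparound is reached after 255 failed calls. It contrasts an error path that skips the release with one that releases on every exit.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model, not FreeBSD code: the counter is 8 bits wide (constructed)
 * so that leaked references wrap it quickly. */
struct cred { uint8_t refs; bool freed; };

void cred_hold(struct cred *c) { c->refs++; }            /* 255 + 1 wraps to 0 */
void cred_drop(struct cred *c) { if (--c->refs == 0) c->freed = true; }

/* Buggy shape: the error return skips the matching drop. */
int queue_leaky(struct cred *c, bool bad_request) {
    cred_hold(c);
    if (bad_request)
        return -1;              /* reference leaked on the error path */
    cred_drop(c);               /* normal completion releases it */
    return 0;
}

/* Fixed shape: every exit path releases the reference it took. */
int queue_fixed(struct cred *c, bool bad_request) {
    int error = 0;
    cred_hold(c);
    if (bad_request)
        error = -1;
    cred_drop(c);
    return error;
}

/* Issue `failures` failing requests, then one successful request.
 * Returns true if the object was freed although its owner still
 * holds a reference to it (the use-after-free precondition). */
bool owner_ref_lost(int (*queue)(struct cred *, bool), int failures) {
    struct cred c = { .refs = 1, .freed = false };   /* owner's reference */
    for (int i = 0; i < failures; i++)
        queue(&c, true);
    queue(&c, false);
    return c.freed;
}

int main(void) {
    printf("leaky, 255 failures: freed=%d\n", owner_ref_lost(queue_leaky, 255));
    printf("leaky,  10 failures: freed=%d\n", owner_ref_lost(queue_leaky, 10));
    printf("fixed, 255 failures: freed=%d\n", owner_ref_lost(queue_fixed, 255));
    return 0;
}
```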
**Recommendations**
For FreeBSD versions 11.0 through 13.0, update to a version that includes the fix for the `aio_aqueue` function reference count issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.