Mark Johnston

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** A particular case of memory sharing is mishandled in the virtual memory system, similar to a previously known issue but with a different root cause. This allows an unprivileged local user process to maintain a mapping of a page after it is freed, enabling the process to read private data belonging to other processes or the kernel. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FreeBSD versions prior to 12.0-RELEASE-p10 FreeBSD versions prior to 11.3-RELEASE-p3 FreeBSD versions prior to 11.2-RELEASE-p14 **Description** The issue arises from a read handler in the kernel driver for `/dev/midistat` that is not thread-safe. This allows a multi-threaded program to exploit races in the handler, potentially copying out kernel memory outside the boundaries of midistat's data buffer. **Recommendations** For versions prior to 12.0-RELEASE-p10, update to 12.0-RELEASE-p10 or later. For versions prior to 11.3-RELEASE-p3, update to 11.3-RELEASE-p3 or later. For versions prior to 11.2-RELEASE-p14, update to 11.2-RELEASE-p14 or later.

**Name of the Vulnerable Software and Affected Versions** FreeBSD versions prior to 12.0-RELEASE-p8 FreeBSD versions prior to 11.3-RELEASE-p1 FreeBSD versions prior to 11.2-RELEASE-p12 **Description** The issue allows a malicious local user to gain root privileges or escape from a jail by causing the reference counter to wrap, forcing a free event, due to rights transmitted over a domain socket not properly releasing a reference on transmission error. **Recommendations** For versions prior to 12.0-RELEASE-p8, update to 12.0-RELEASE-p8 or later. For versions prior to 11.3-RELEASE-p1, update to 11.3-RELEASE-p1 or later. For versions prior to 11.2-RELEASE-p12, update to 11.2-RELEASE-p12 or later.

**Name of the Vulnerable Software and Affected Versions** FreeBSD versions prior to 11.1-STABLE FreeBSD versions prior to 11.2-RELEASE-p3 FreeBSD versions prior to 11.1-RELEASE-p14 FreeBSD versions prior to 10.4-STABLE FreeBSD versions prior to 10.4-RELEASE-p12 **Description** The issue is caused by insufficient validation in the ELF header parser, which could allow a malicious ELF binary to cause a kernel crash or disclose kernel memory. This could potentially impact the confidentiality of protected information or cause a denial of service. **Recommendations** For versions prior to 11.1-STABLE, update to 11.1-STABLE or later. For versions prior to 11.2-RELEASE-p3, update to 11.2-RELEASE-p3 or later. For versions prior to 11.1-RELEASE-p14, update to 11.1-RELEASE-p14 or later. For versions prior to 10.4-STABLE, update to 10.4-STABLE or later. For versions prior to 10.4-RELEASE-p12, update to 10.4-RELEASE-p12 or later.