Mateusz Guzik

Name of the Vulnerable Software and Affected Versions: FreeBSD versions 12.2-STABLE before r369334 FreeBSD versions 11.4-STABLE before r369335 FreeBSD versions 12.2-RELEASE before p4 FreeBSD versions 11.4-RELEASE before p8 Description: The issue occurs when a process, such as jexec(8) or killall(1), calls jail attach(2) to enter a jail. In this scenario, the jailed root can attach to it using ptrace(2) before the current working directory is changed. Recommendations: For FreeBSD versions 12.2-STABLE before r369334, update to a version after r369334. For FreeBSD versions 11.4-STABLE before r369335, update to a version after r369335. For FreeBSD versions 12.2-RELEASE before p4, update to a version after p4. For FreeBSD versions 11.4-RELEASE before p8, update to a version after p8.

**Name of the Vulnerable Software and Affected Versions** FreeBSD versions 9.3, 10.1, and 10.2 **Description** The issue is related to the handling of Linux futex robust lists in the Linux compatibility layer of the kernel, allowing local users to potentially gain privilege and read portions of kernel memory via unspecified vectors. This is due to insufficient access control in the kernel. **Recommendations** For versions 9.3, 10.1, and 10.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SoS versions 3.x **Description** The issue allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by `sosreport-$hostname-$date.tar` in `/tmp/sosreport-$hostname-$date`. **Recommendations** For SoS version 3.x, consider restricting access to the temporary directory where sosreport files are stored to minimize the risk of exploitation. As a temporary workaround, avoid using the sosreport feature until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Red Hat Enterprise Linux (RHEL) 6 kernel package versions prior to 2.6.32-358.11.1.el6 **Description** The issue is related to a problem in the do filp open function in fs/namei.c, where failure to obtain write permissions is not handled properly. This can be exploited by local users to cause a denial of service, resulting in a system crash, by accessing a filesystem that is mounted read-only. **Recommendations** For Red Hat Enterprise Linux (RHEL) 6 kernel package versions prior to 2.6.32-358.11.1.el6, update to version 2.6.32-358.11.1.el6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.8.3 **Description** A race condition issue exists in the install user keyrings function, allowing local users to cause a denial of service through crafted keyctl system calls. This can lead to a NULL pointer dereference and system crash when keyring operations are triggered in simultaneous threads. **Recommendations** For Linux kernel versions prior to 3.8.3, update to version 3.8.3 or later to resolve the issue. As a temporary workaround, consider restricting access to keyctl system calls to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** kfreebsd-8 versions (affected versions not specified) FreeBSD versions 7.3 through 9.0-RC1 **Description** The issue concerns multiple vulnerabilities in the kfreebsd-8 package of the Debian GNU/Linux operating system and a buffer overflow in the kernel of FreeBSD. These vulnerabilities can be exploited by a local attacker to compromise the confidentiality, integrity, and availability of protected information. The buffer overflow vulnerability can cause a denial of service or possibly allow privilege escalation via a bind system call with a long pathname for a UNIX socket. **Recommendations** For kfreebsd-8, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For FreeBSD versions 7.3 through 9.0-RC1, consider upgrading to a version later than 9.0-RC1 to resolve the buffer overflow issue. As a temporary workaround, consider restricting access to the bind system call to minimize the risk of exploitation.