Peter Holm

**Name of the Vulnerable Software and Affected Versions** FreeBSD versions prior to 12.0-RELEASE-p10 FreeBSD versions prior to 11.3-RELEASE-p3 FreeBSD versions prior to 11.2-RELEASE-p14 **Description** The issue arises from a read handler in the kernel driver for `/dev/midistat` that is not thread-safe. This allows a multi-threaded program to exploit races in the handler, potentially copying out kernel memory outside the boundaries of midistat's data buffer. **Recommendations** For versions prior to 12.0-RELEASE-p10, update to 12.0-RELEASE-p10 or later. For versions prior to 11.3-RELEASE-p3, update to 11.3-RELEASE-p3 or later. For versions prior to 11.2-RELEASE-p14, update to 11.2-RELEASE-p14 or later.

**Name of the Vulnerable Software and Affected Versions** FreeBSD versions 11.2-STABLE after r338618 through 12.0-RELEASE before 12.0-RELEASE-p3 FreeBSD 12.0-STABLE before r343781 **Description** The issue is related to a bug in the reference count implementation for UNIX domain sockets, potentially allowing a malicious local user to gain root privileges or escape from a jail. It is also described as a vulnerability related to insufficient access control, which can be exploited to elevate privileges. **Recommendations** For FreeBSD 11.2-STABLE after r338618 through 12.0-RELEASE before 12.0-RELEASE-p3, update to 12.0-RELEASE-p3 or later to resolve the issue. For FreeBSD 12.0-STABLE before r343781, update to r343781 or later to resolve the issue. As a temporary workaround, consider restricting access to UNIX domain sockets to minimize the risk of exploitation.