PT-2019-17772 · Freebsd · Freebsd

Published

2019-07-02

Updated

2020-08-24

CVE-2019-5602

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions FreeBSD versions prior to 12.0-RELEASE-p7 FreeBSD versions prior to 11.3-RC3-p1 FreeBSD versions prior to 11.2-RELEASE-p11

Description A bug in the cdrom driver allows users with read access to the cdrom device to arbitrarily overwrite kernel memory when media is present, thereby allowing a malicious user in the operator group to gain root privileges.

Recommendations For versions prior to 12.0-RELEASE-p7, update to 12.0-RELEASE-p7 or later. For versions prior to 11.3-RC3-p1, update to 11.3-RC3-p1 or later. For versions prior to 11.2-RELEASE-p11, update to 11.2-RELEASE-p11 or later.

Fix

Incorrect Authorization

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-787

Related Identifiers

CVE-2019-5602

FREEBSD-SA-19_11

Affected Products

Freebsd

PT-2019-17772 · Freebsd · Freebsd

CVE-2019-5602

Weakness Enumeration

Related Identifiers

Affected Products

References · 4