CVE-2019-5608

Name of the Vulnerable Software and Affected Versions FreeBSD versions 11.2-RELEASE before 11.2-RELEASE-p13 FreeBSD versions 11.3-RELEASE before 11.3-RELEASE-p2 FreeBSD versions 12.0-RELEASE before 12.0-RELEASE-p9

Description The issue arises from the incorrect handling of MLDv2 listener query packets that are internally fragmented across multiple mbufs in the ICMPv6 input path. This can be exploited by a remote attacker to cause an out-of-bounds read or write, potentially leading to a kernel panic due to an attempt to access an unmapped page.

Recommendations For FreeBSD versions 11.2-RELEASE before 11.2-RELEASE-p13, update to 11.2-RELEASE-p13 or later. For FreeBSD versions 11.3-RELEASE before 11.3-RELEASE-p2, update to 11.3-RELEASE-p2 or later. For FreeBSD versions 12.0-RELEASE before 12.0-RELEASE-p9, update to 12.0-RELEASE-p9 or later.