CVE-2019-5611

Name of the Vulnerable Software and Affected Versions FreeBSD versions 12.0-STABLE before r350828 FreeBSD versions 12.0-RELEASE before 12.0-RELEASE-p10 FreeBSD versions 11.3-STABLE before r350829 FreeBSD versions 11.3-RELEASE before 11.3-RELEASE-p3 FreeBSD versions 11.2-RELEASE before 11.2-RELEASE-p14

Description A missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous, leading to a remote denial of service. Extra checks in the IPv6 stack could catch the error condition and trigger a kernel panic. The issue is caused by the lack of a necessary check in the m pulldown() call, which may return non-contiguous chains of mbufs, contrary to the expectations of the calling side. This can be exploited by sending specially fragmented ICMPv6 MLD packets, potentially leading to a kernel crash, also known as a "packet-of-death" scenario.

Recommendations For FreeBSD versions 12.0-STABLE before r350828, update to a version after r350828. For FreeBSD versions 12.0-RELEASE before 12.0-RELEASE-p10, update to 12.0-RELEASE-p10 or later. For FreeBSD versions 11.3-STABLE before r350829, update to a version after r350829. For FreeBSD versions 11.3-RELEASE before 11.3-RELEASE-p3, update to 11.3-RELEASE-p3 or later. For FreeBSD versions 11.2-RELEASE before 11.2-RELEASE-p14, update to 11.2-RELEASE-p14 or later.