PT-2019-17781 · Freebsd · Freebsd

Mark Johnston +1 · Published 2019-08-20 · Updated 2023-01-31 · CVE-2019-5612

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

FreeBSD versions prior to 12.0-RELEASE-p10
FreeBSD versions prior to 11.3-RELEASE-p3
FreeBSD versions prior to 11.2-RELEASE-p14

Description

The issue arises from a read handler in the kernel driver for /dev/midistat that is not thread-safe. This allows a multi-threaded program to exploit races in the handler, potentially copying out kernel memory outside the boundaries of midistat's data buffer.

Recommendations

For versions prior to 12.0-RELEASE-p10, update to 12.0-RELEASE-p10 or later.
For versions prior to 11.3-RELEASE-p3, update to 11.3-RELEASE-p3 or later.
For versions prior to 11.2-RELEASE-p14, update to 11.2-RELEASE-p14 or later.
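
An added example, not part of this advisory or of FreeBSD's own tooling: a POSIX shell function that classifies a kernel version string against the three fixed patch levels listed above. Reading the list as per-branch cut-offs is an assumption, so any other branch or non-RELEASE string is reported as unknown; the function name is hypothetical.

```sh
#!/bin/sh
# Added example: classify a FreeBSD kernel version string against the fixed
# patch levels this page lists for CVE-2019-5612.
# Prints one of: fixed, vulnerable, unknown.
# Typical use on a host (the fix is in the kernel, so check the kernel):
#   cve_2019_5612_status "$(freebsd-version -k)"
cve_2019_5612_status() {
    ver=$1

    # Only -RELEASE strings can be compared; the page gives no cut-off
    # for -STABLE, -CURRENT or other builds.
    case "$ver" in
        *-RELEASE*) ;;
        *) echo unknown; return 0 ;;
    esac

    branch=${ver%%-RELEASE*}   # e.g. "12.0"
    rest=${ver#*-RELEASE}      # e.g. "-p9", or "" for an unpatched release

    case "$rest" in
        "")  plevel=0 ;;
        -p*) plevel=${rest#-p} ;;
        *)   echo unknown; return 0 ;;
    esac

    # Reject a patch level that is empty or not purely numeric.
    case "$plevel" in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac

    # First fixed patch level per branch, taken from the page.
    # Assumption: each entry applies only to its own release branch.
    case "$branch" in
        12.0) fixed=10 ;;
        11.3) fixed=3 ;;
        11.2) fixed=14 ;;
        *)    echo unknown; return 0 ;;
    esac

    if [ "$plevel" -ge "$fixed" ]; then
        echo fixed
    else
        echo vulnerable
    fi
}

# Run stand-alone with a version string as the first argument.
if [ "$#" -gt 0 ]; then cve_2019_5612_status "$1"; fi
```
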

Fix

Race Condition

Weakness Enumeration

Related Identifiers

CVE-2019-5612
FREEBSD-SA-19_23

Affected Products

Freebsd