PT-2019-4441 · Freebsd · Freebsd

Peter Holm · Published 2019-02-05 · Updated 2020-08-24 · CVE-2019-5596

CVSS v3.1: 8.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
FreeBSD 11.2-STABLE after r338618 through 12.0-RELEASE before 12.0-RELEASE-p3; FreeBSD 12.0-STABLE before r343781

Description
The issue is caused by a bug in the reference count implementation for UNIX domain sockets, which could allow a malicious local user to gain root privileges or escape from a jail. It is also described as an insufficient access control vulnerability that can be exploited to elevate privileges.

Recommendations
For FreeBSD 11.2-STABLE after r338618 through 12.0-RELEASE before 12.0-RELEASE-p3, update to 12.0-RELEASE-p3 or later to resolve the issue. For FreeBSD 12.0-STABLE before r343781, update to r343781 or later to resolve the issue. As a temporary workaround, consider restricting access to UNIX domain sockets to minimize the risk of exploitation.


Weakness Enumeration

Related Identifiers

BDU:2020-00199
CVE-2019-5596
FREEBSD-SA-19_02

Affected Products

Freebsd