PT-2020-15846 · Freebsd+1
Published: 2020-09-03 · Updated: 2020-09-11
CVE-2020-24863
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
MidnightBSD versions prior to 1.2.7
MidnightBSD versions 1.3 through 2020-08-19
FreeBSD versions prior to 11.4
Description
A memory corruption issue was found in the kernel function kern_getfsstat() that allows an attacker to trigger an invalid free and crash the system via a crafted size value in conjunction with an invalid mode.
Recommendations
For MidnightBSD versions prior to 1.2.7, update to version 1.2.7 or later.
For MidnightBSD versions 1.3 through 2020-08-19, apply the necessary patches or updates to fix the issue.
For FreeBSD versions prior to 11.4, update to version 11.4 or later.
Exploit
Fix
Memory Corruption
Weakness Enumeration
Related Identifiers
Affected Products
FreeBSD
MidnightBSD