PT-2020-19588 · FreeBSD · FreeBSD
Ilja Van Sprundel · Published 2020-03-19 · Updated 2022-07-12 · CVE-2020-7452
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
FreeBSD versions 12.1-STABLE before r357490
FreeBSD versions 12.1-RELEASE before 12.1-RELEASE-p3
FreeBSD versions 11.3-STABLE before r357489
FreeBSD versions 11.3-RELEASE before 11.3-RELEASE-p7
Description
The issue is related to the incorrect use of a user-controlled pointer in the epair virtual network module. This allowed vnet jailed privileged users to panic the host system and potentially execute arbitrary code in the kernel.
Recommendations
For FreeBSD versions 12.1-STABLE before r357490, update to a version after r357490 to resolve the issue.
For FreeBSD versions 12.1-RELEASE before 12.1-RELEASE-p3, update to 12.1-RELEASE-p3 or later to resolve the issue.
For FreeBSD versions 11.3-STABLE before r357489, update to a version after r357489 to resolve the issue.
For FreeBSD versions 11.3-RELEASE before 11.3-RELEASE-p7, update to 11.3-RELEASE-p7 or later to resolve the issue.
Fix
Buffer Overflow
Affected Products
FreeBSD