CVE-2020-7456

Name of the Vulnerable Software and Affected Versions FreeBSD versions 11.3-RELEASE before p10 FreeBSD versions 11.4-RC2 before p1 FreeBSD versions 11.4-STABLE before r361919 FreeBSD versions 12.1-RELEASE before p6 FreeBSD versions 12.1-STABLE before r361918

Description The issue allows an attacker with physical access to a USB port to use a specially crafted USB device to gain kernel or user-space code execution. This is due to an invalid memory location being used for HID items if the push/pop level is not restored within the processing of that HID item. The problem is related to the USB stack and the handling of USB HID device descriptors, which can push and pop the current state, allowing descriptions of elements to be combined into multi-level groups.

Recommendations For FreeBSD versions 11.3-RELEASE before p10, update to FreeBSD 11.3-RELEASE-p10. For FreeBSD versions 11.4-RC2 before p1, update to a version that includes the fix. For FreeBSD versions 11.4-STABLE before r361919, update to a version that includes the fix. For FreeBSD versions 12.1-RELEASE before p6, update to FreeBSD 12.1-RELEASE-p6. For FreeBSD versions 12.1-STABLE before r361918, update to a version that includes the fix. As a temporary workaround, consider setting the parameter "sysctl hw.usb.disable enumeration=1" to disable USB enumeration.