PT-2020-19596 · Freebsd · Freebsd
M00Nbsd · Published 2020-08-05 · Updated 2022-07-01 · CVE-2020-7460
CVSS v3.1: 7.0 (High)
| Vector | AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
FreeBSD versions 11.3-RELEASE before p12
FreeBSD versions 11.4-RELEASE before p2
FreeBSD versions 11.4-STABLE before r363919
FreeBSD versions 12.1-RELEASE before p8
FreeBSD versions 12.1-STABLE before r363918
Description
The issue is a time-of-check to time-of-use (TOCTOU) race in the compat32 implementation of the sendmsg(2) system call on 64-bit platforms. Control message headers supplied by the caller are validated and then used afterwards, so a malicious userspace program can modify them between the validation and the use, potentially leading to privilege escalation.
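The following C program is an added illustration of the defect class named above and of the standard fix; it is not FreeBSD's code and does not reproduce the actual kernel data structures. The `struct cmsghdr32` layout, the `user_copyin` stand-in for the kernel's copy-from-user primitive, the `race_hook` callback that stands in for a concurrent writer, and the constructed 64-byte sample buffer are all assumptions made for the example. It contrasts a handler that validates the header through the user pointer and re-reads it later with a handler that copies the header into kernel-owned storage once, validates that copy, and only ever uses the copy.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical 32-bit control-message header used for this illustration
 * (assumed layout, not FreeBSD's real struct). cmsg_len is the first field. */
struct cmsghdr32 {
    uint32_t cmsg_len;   /* total length of this control message, header included */
    int32_t  cmsg_level;
    int32_t  cmsg_type;
};

#define CMSG32_HDRLEN ((size_t)sizeof(struct cmsghdr32))

/* Stand-in for the kernel's copy-from-user primitive (copyin() in FreeBSD).
 * Here user memory is just ordinary memory, so a memcpy suffices. */
static int user_copyin(void *dst, const void *user_src, size_t n) {
    memcpy(dst, user_src, n);
    return 0;
}

/* Represents another thread writing to the user buffer inside the window
 * between the validation and the use. NULL means no concurrent writer. */
typedef void (*race_hook)(unsigned char *user_buf);

/* Vulnerable pattern: validate the header through the user pointer, then
 * re-read the same user memory when it is used. Returns the length the
 * handler would consume, or -1 when validation fails. */
int cmsg_handle_in_place(unsigned char *user_buf, size_t buflen, race_hook hook) {
    const struct cmsghdr32 *uhdr = (const struct cmsghdr32 *)user_buf;
    if (buflen < CMSG32_HDRLEN)
        return -1;
    if (uhdr->cmsg_len < CMSG32_HDRLEN || uhdr->cmsg_len > buflen)
        return -1;                       /* time of check: reads user memory */
    if (hook)
        hook(user_buf);                  /* race window */
    return (int)uhdr->cmsg_len;          /* time of use: reads user memory again */
}

/* Hardened pattern: snapshot the header into kernel-owned storage first,
 * validate the snapshot, and use only the snapshot afterwards. Later writes
 * to the user buffer cannot change what was validated. */
int cmsg_handle_snapshot(unsigned char *user_buf, size_t buflen, race_hook hook) {
    struct cmsghdr32 khdr;
    if (buflen < CMSG32_HDRLEN)
        return -1;
    if (user_copyin(&khdr, user_buf, CMSG32_HDRLEN) != 0)
        return -1;
    if (khdr.cmsg_len < CMSG32_HDRLEN || khdr.cmsg_len > buflen)
        return -1;                       /* check the kernel copy */
    if (hook)
        hook(user_buf);                  /* same window, but the copy is unaffected */
    return (int)khdr.cmsg_len;           /* use the kernel copy */
}

/* Constructed sample: a 64-byte, 4-byte-aligned "user" buffer holding one
 * header that claims 16 bytes (header plus 4 bytes of payload). */
static uint32_t sample_backing[16];
unsigned char *sample_user_buf(void) {
    struct cmsghdr32 h = { 16, 0, 1 };
    memset(sample_backing, 0, sizeof sample_backing);
    memcpy(sample_backing, &h, sizeof h);
    return (unsigned char *)sample_backing;
}

/* Concurrent writer used in the demonstration: rewrites cmsg_len to a value
 * far larger than the buffer after the check has already passed. */
void inflate_len(unsigned char *user_buf) {
    uint32_t big = 4096;
    memcpy(user_buf, &big, sizeof big);
}

int main(void) {
    printf("in-place, no writer:  %d\n", cmsg_handle_in_place(sample_user_buf(), 64, NULL));
    printf("in-place, with writer: %d (stale check)\n",
           cmsg_handle_in_place(sample_user_buf(), 64, inflate_len));
    printf("snapshot, with writer: %d (validated copy)\n",
           cmsg_handle_snapshot(sample_user_buf(), 64, inflate_len));
    return 0;
}
```

The point to take from the two handlers is not the length arithmetic but where the data lives when it is checked: any field that is validated while still reachable through a user pointer has to be copied before the check, and every later decision has to be made on that copy. The same rule applies to any compatibility shim that translates structures between ABIs.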
Recommendations
For FreeBSD versions 11.3-RELEASE before p12, update to a version that includes the necessary patches.
For FreeBSD versions 11.4-RELEASE before p2, update to a version that includes the necessary patches.
For FreeBSD versions 11.4-STABLE before r363919, update to a version that includes the necessary patches.
For FreeBSD versions 12.1-RELEASE before p8, update to a version that includes the necessary patches.
For FreeBSD versions 12.1-STABLE before r363918, update to a version that includes the necessary patches.
Weakness Enumeration
Time Of Check To Time Of Use
Affected Products
Freebsd