PT-2020-9765 · FreeBSD · FreeBSD
Published: 2020-03-19 · Updated: 2021-07-21
CVE-2019-15877
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
FreeBSD versions 12.1-STABLE before r356606
FreeBSD versions 12.1-RELEASE before 12.1-RELEASE-p3
Description
The issue arises from driver-specific ioctl command handlers in the ixl network driver that failed to check whether the caller had sufficient privileges. This allows unprivileged users to trigger updates to the device's non-volatile memory.
Recommendations
For FreeBSD versions 12.1-STABLE before r356606, update to a version after r356606 to resolve the issue.
For FreeBSD versions 12.1-RELEASE before 12.1-RELEASE-p3, update to 12.1-RELEASE-p3 or later to resolve the issue.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
FreeBSD