PT-2020-9768 · FreeBSD · FreeBSD

Published: 2020-05-12 · Updated: 2022-04-26 · CVE-2019-15880

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FreeBSD versions 12.1-STABLE before r356911
FreeBSD versions 12.1-RELEASE before p5

Description

The issue arises from insufficient checking in the cryptodev module, which sizes a kernel buffer allocation from a user-supplied length. This allows an unprivileged process to trigger a kernel panic.

Recommendations

For FreeBSD versions 12.1-STABLE before r356911, update to a version after r356911 to resolve the issue. For FreeBSD versions 12.1-RELEASE before p5, update to p5 or later to resolve the issue. As a temporary workaround, consider restricting access to the cryptodev module to minimize the risk of exploitation.
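
To check a host against the affected ranges listed above, the following added example (not part of the original advisory or of FreeBSD) classifies a kernel version string. The function name and status labels are hypothetical; it assumes the release string comes from `freebsd-version -k` and, for -STABLE, that the `uname -v` output carries the SVN revision as an `rNNNNNN` token.

```shell
#!/bin/sh
# Added example: classify a FreeBSD kernel version against the ranges this
# page lists for CVE-2019-15880. Function name and labels are hypothetical.
# Prints: affected | fixed | unknown | not-listed
#   fixed      = at or past the boundary given on this page
#   not-listed = branch this page says nothing about
cve_2019_15880_status() {
    release=$1      # e.g. `freebsd-version -k` -> 12.1-RELEASE-p4
    kernel_id=$2    # e.g. `uname -v`; only consulted for 12.1-STABLE
    case $release in
        12.1-RELEASE*)
            patch=0                     # no "-pN" suffix means patch level 0
            case $release in
                12.1-RELEASE-p*) patch=${release#12.1-RELEASE-p} ;;
            esac
            case $patch in
                ''|*[!0-9]*) echo "unknown"; return 0 ;;   # malformed suffix
            esac
            if [ "$patch" -lt 5 ]; then echo "affected"; else echo "fixed"; fi
            ;;
        12.1-STABLE*)
            # Extract the rNNNNNN revision token from the kernel ident string.
            rev=$(printf '%s\n' "$kernel_id" |
                  sed -n 's/.*[[:space:]]r\([0-9][0-9]*\).*/\1/p')
            if [ -z "$rev" ]; then echo "unknown"
            elif [ "$rev" -lt 356911 ]; then echo "affected"
            else echo "fixed"
            fi
            ;;
        *)
            echo "not-listed"
            ;;
    esac
}

# Constructed sample inputs (not taken from real hosts).
# On a live system: cve_2019_15880_status "$(freebsd-version -k)" "$(uname -v)"
for sample in "12.1-RELEASE|" "12.1-RELEASE-p4|" "12.1-RELEASE-p5|" \
              "12.1-STABLE|FreeBSD 12.1-STABLE r356000 GENERIC" \
              "12.1-STABLE|FreeBSD 12.1-STABLE r356911 GENERIC"; do
    printf '%-50s %s\n' "$sample" \
        "$(cve_2019_15880_status "${sample%%|*}" "${sample#*|}")"
done
```

An `unknown` result on a -STABLE host means the revision could not be read from the kernel ident and should be confirmed manually.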

Fix

Buffer Overflow

RCE


Weakness Enumeration

Related Identifiers

CVE-2019-15880
FREEBSD-SA-20_16

Affected Products

FreeBSD