CVE-2020-25579

Name of the Vulnerable Software and Affected Versions: FreeBSD versions 12.2-STABLE before r368969 FreeBSD versions 11.4-STABLE before r369047 FreeBSD versions 12.2-RELEASE before p3 FreeBSD versions 12.1-RELEASE before p13 FreeBSD versions 11.4-RELEASE before p7

Description: The issue is related to the msdosfs(5) component, which was failing to zero-fill a pair of padding fields in the dirent structure. This resulted in a leak of three uninitialized bytes.

Recommendations: For FreeBSD versions 12.2-STABLE before r368969, update to a version after r368969. For FreeBSD versions 11.4-STABLE before r369047, update to a version after r369047. For FreeBSD versions 12.2-RELEASE before p3, update to a version after p3. For FreeBSD versions 12.1-RELEASE before p13, update to a version after p13. For FreeBSD versions 11.4-RELEASE before p7, update to a version after p7.