CVE-2020-7463

Name of the Vulnerable Software and Affected Versions: FreeBSD versions 11.3-RELEASE through 11.3-RELEASE before p13 FreeBSD versions 11.4-RELEASE through 11.4-RELEASE before p3 FreeBSD versions 12.1-RELEASE through 12.1-RELEASE before p9 FreeBSD versions 11.4-STABLE through 11.4-STABLE before r364651 FreeBSD versions 12.1-STABLE through 12.1-STABLE before r364644

Description: The issue is caused by improper handling in the kernel, resulting in a use-after-free bug when sending large user messages from multiple threads on the same SCTP socket. This may lead to unintended kernel behavior, including a kernel panic. Improved memory management has been implemented to address the use-after-free issue.

Recommendations: For FreeBSD versions 11.3-RELEASE through 11.3-RELEASE before p13, update to a version after p13. For FreeBSD versions 11.4-RELEASE through 11.4-RELEASE before p3, update to a version after p3. For FreeBSD versions 12.1-RELEASE through 12.1-RELEASE before p9, update to a version after p9. For FreeBSD versions 11.4-STABLE through 11.4-STABLE before r364651, update to a version after r364651. For FreeBSD versions 12.1-STABLE through 12.1-STABLE before r364644, update to a version after r364644.