CVE-2021-29626

Name of the Vulnerable Software and Affected Versions FreeBSD versions 13.0-STABLE before n245117 FreeBSD versions 12.2-STABLE before r369551 FreeBSD versions 11.4-STABLE before r369559 FreeBSD versions 13.0-RC5 before p1 FreeBSD versions 12.2-RELEASE before p6 FreeBSD versions 11.4-RELEASE before p9

Description The issue is related to the use of memory after it has been freed, which can allow an unauthorized party to gain access to protected information. Specifically, the copy-on-write logic failed to invalidate shared memory page mappings between multiple processes, allowing an unprivileged process to maintain a mapping after it is freed. This enables the process to read private data belonging to other processes or the kernel.

Recommendations For FreeBSD versions 13.0-STABLE before n245117, update to a version after n245117. For FreeBSD versions 12.2-STABLE before r369551, update to a version after r369551. For FreeBSD versions 11.4-STABLE before r369559, update to a version after r369559. For FreeBSD versions 13.0-RC5 before p1, update to a version after p1. For FreeBSD versions 12.2-RELEASE before p6, update to a version after p6. For FreeBSD versions 11.4-RELEASE before p9, update to a version after p9.