FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- File description reference count leak

Affected packages
12.0 <= FreeBSD-kernel < 12.0_8
11.2 <= FreeBSD-kernel < 11.2_12
11.3 <= FreeBSD-kernel < 11.3_1

Details

VuXML ID 0d3f99f7-b30c-11e9-a87f-a4badb2f4699
Discovery 2019-07-24
Entry 2019-07-30

Problem Description:

If a process attempts to transmit rights over a UNIX-domain socket and an error causes the attempt to fail, references acquired on the rights are not released and are leaked. This bug can be used to cause the reference counter to wrap around and free the corresponding file structure.

Impact:

A local user can exploit the bug to gain root privileges or escape from a jail.
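
To check a host against the ranges under "Affected packages", the sketch below classifies a kernel version string. It is an added example, not part of the VuXML entry or the FreeBSD advisory. It assumes the input has the form printed by `freebsd-version -k` (for example "12.0-RELEASE-p7") and that the `_N` suffix in the ranges is the `-pN` patch level; the function name `check_kernel` and the sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a kernel version string against this entry's ranges.
# Usage on a FreeBSD host:  sh check.sh "$(freebsd-version -k)"

# Prints one of: affected, not-affected, not-listed, unknown.
check_kernel() {
    ver=$1
    case $ver in
        *-RELEASE-p*) rel=${ver%%-RELEASE*}; patch=${ver##*-p} ;;
        *-RELEASE)    rel=${ver%-RELEASE};   patch=0 ;;   # no suffix means patch level 0
        *)            echo unknown; return 0 ;;           # STABLE, CURRENT, etc.
    esac
    # The patch level must be a non-empty decimal number.
    case $patch in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    # First fixed patch level per release, taken from "Affected packages".
    case $rel in
        12.0) fixed=8 ;;
        11.2) fixed=12 ;;
        11.3) fixed=1 ;;
        *)    echo not-listed; return 0 ;;   # this entry says nothing about the release
    esac
    if [ "$patch" -lt "$fixed" ]; then
        echo affected
    else
        echo not-affected
    fi
}

# With an argument, classify it; otherwise run over constructed sample strings.
if [ $# -gt 0 ]; then
    check_kernel "$1"
else
    for s in 12.0-RELEASE-p7 12.0-RELEASE-p8 11.2-RELEASE-p11 \
             11.3-RELEASE 11.3-RELEASE-p1 12.0-STABLE; do
        printf '%s\t%s\n' "$s" "$(check_kernel "$s")"
    done
fi
```

A result of "unknown" or "not-listed" means the string falls outside what this entry's ranges can decide, not that the kernel is fixed.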

References

CVE Name CVE-2019-5607
FreeBSD Advisory SA-19:17.fd