FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- USB HID descriptor parsing error

Affected packages
12.1 <= FreeBSD-kernel < 12.1_6
11.3 <= FreeBSD-kernel < 11.3_10

Details

VuXML ID 32c92a75-aa71-11ea-92ab-00163e433440
Discovery 2020-06-03
Entry 2020-06-09

Problem Description:

If the push/pop level of the USB HID state is not restored within the processing of the same HID item, an invalid memory location may be used for subsequent HID item processing.

Impact:

An attacker with physical access to a USB port may be able to use a specially crafted USB device to gain kernel or user-space code execution.
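
The push/pop level named in the Problem Description can be tracked with explicit bounds checks; the following is an added example, not FreeBSD kernel code or the advisory's patch, that walks a HID report descriptor and rejects Push/Pop nesting that leaves the valid range. Assumptions: the name hid_check_pushpop, the depth limit HID_MAX_PUSH, the policy of rejecting a descriptor that ends with an open Push, and the constructed sample descriptors.

```c
#include <stddef.h>
#include <stdint.h>

#define HID_MAX_PUSH 4  /* assumed depth of the saved-state stack */

enum hid_check { HID_OK, HID_TRUNCATED, HID_PUSH_OVERFLOW,
                 HID_POP_UNDERFLOW, HID_UNBALANCED };

/* Constructed sample descriptors (not captured from a real device). */
static const uint8_t sample_ok[] = { 0x05, 0x01, 0xA4, 0x75, 0x08, 0xB4 };
static const uint8_t sample_underflow[] = { 0x05, 0x01, 0xB4 };
static const uint8_t sample_overflow[] = { 0xA4, 0xA4, 0xA4, 0xA4, 0xA4 };

/* Walk every item; the level is checked before it is changed. */
enum hid_check hid_check_pushpop(const uint8_t *d, size_t len)
{
    static const uint8_t sizes[4] = { 0, 1, 2, 4 };  /* bSize encoding */
    size_t pos = 0;
    unsigned level = 0;

    while (pos < len) {
        uint8_t prefix = d[pos++];
        size_t dlen;
        if (prefix == 0xFE) {               /* long item: size, tag, data */
            if (len - pos < 2)
                return HID_TRUNCATED;
            dlen = d[pos];
            pos += 2;
        } else {                            /* short item */
            dlen = sizes[prefix & 0x03];
            if ((prefix & 0x0C) == 0x04) {  /* bType == Global */
                uint8_t tag = prefix >> 4;
                if (tag == 0x0A) {          /* Push */
                    if (level >= HID_MAX_PUSH)
                        return HID_PUSH_OVERFLOW;
                    level++;
                } else if (tag == 0x0B) {   /* Pop */
                    if (level == 0)
                        return HID_POP_UNDERFLOW;
                    level--;
                }
            }
        }
        if (len - pos < dlen)               /* item data must fit */
            return HID_TRUNCATED;
        pos += dlen;
    }
    return level == 0 ? HID_OK : HID_UNBALANCED;
}
```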

References

CVE Name CVE-2020-7456
FreeBSD Advisory SA-20:17.usb