FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Linux compatibility layer setgroups(2) system call

Affected packages
10.2 <= FreeBSD-kernel < 10.2_9
10.1 <= FreeBSD-kernel < 10.1_26
9.3 <= FreeBSD-kernel < 9.3_33

Details

VuXML ID 798f63e0-600a-11e6-a6c3-14dae9d210b8
Discovery 2016-01-14
Entry 2016-08-11

Problem Description:

A programming error in the Linux compatibility layer setgroups(2) system call can lead to an unexpected results, such as overwriting random kernel memory contents.

Impact:

It is possible for a local attacker to overwrite portions of kernel memory, which may result in a privilege escalation or cause a system panic.

References

CVE Name CVE-2016-1881
FreeBSD Advisory SA-16:04.linux

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.