FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Use after free in cryptodev module

Affected packages
12.1 <= FreeBSD-kernel < 12.1_5
11.3 <= FreeBSD-kernel < 11.3_9

Details

VuXML ID 9f15c2da-947e-11ea-92ab-00163e433440
Discovery 2020-01-20
Entry 2020-05-12

Problem Description:

A race condition permitted a data structure in the kernel to be used after it was freed by the cryptodev module.

Impact:

An unprivileged process can overwrite arbitrary kernel memory.

References

CVE Name CVE-2019-15879
FreeBSD Advisory SA-20:15.cryptodev