FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Insufficient ixl(4) ioctl(2) privilege checking

Affected packages
12.1 <= FreeBSD-kernel < 12.1_3

Details

VuXML ID b2b83761-6a09-11ea-92ab-00163e433440
Discovery 2020-03-19
Entry 2020-03-19

Problem Description:

The driver-specific ioctl(2) command handlers in ixl(4) failed to check whether the caller has sufficient privileges to perform the corresponding operation.

Impact:

The ixl(4) handler permits unprivileged users to trigger updates to the device's non-volatile memory (NVM).
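
An added example (not part of the FreeBSD advisory or the VuXML tooling): a POSIX sh check of a kernel version string, in the format printed by `freebsd-version -k`, against the affected range listed above. It assumes that VuXML's `12.1_3` corresponds to `12.1-RELEASE-p3`; the function name and the sample strings are constructed for illustration.

```sh
#!/bin/sh
# Classify a FreeBSD kernel version string against the range on this page:
#   12.1 <= FreeBSD-kernel < 12.1_3
# Assumption: VuXML "12.1_3" means 12.1-RELEASE-p3.
# Prints one of: affected | not-in-range | unknown

ixl_ioctl_verdict() {
    ver=$1
    release=${ver%%-*}                      # "12.1" from "12.1-RELEASE-p2"

    case $ver in
        *-RELEASE-p*) patch=${ver##*-RELEASE-p} ;;
        *-RELEASE)    patch=0 ;;            # unpatched release image
        *)            echo unknown; return 0 ;;  # -STABLE, -CURRENT, -RC: no patch level to compare
    esac

    # Reject anything that is not a plain decimal patch level.
    case $patch in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac

    if [ "$release" = "12.1" ] && [ "$patch" -lt 3 ]; then
        echo affected
    else
        echo not-in-range                   # outside the range this page lists
    fi
    return 0
}

# Constructed sample inputs; on a live host pass "$(freebsd-version -k)" instead.
for v in 12.1-RELEASE 12.1-RELEASE-p2 12.1-RELEASE-p3 12.0-RELEASE-p1 12.1-STABLE; do
    printf '%-18s %s\n' "$v" "$(ixl_ioctl_verdict "$v")"
done
```

A verdict of `unknown` means the string carries no release patch level, so the kernel's source revision has to be compared against the advisory instead.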

References

CVE Name CVE-2019-15877
FreeBSD Advisory SA-20:06.if_ixl_ioctl