FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- IPv6 socket option race condition and use after free

Affected packages
12.1	<=	FreeBSD-kernel	<	12.1_7
11.4	<=	FreeBSD-kernel	<	11.4_1
11.3	<=	FreeBSD-kernel	<	11.3_11

Details

VuXML ID	c11ee146-c266-11ea-8659-901b0ef719ab
Discovery	2020-07-09
Entry	2020-07-10

Problem Description:

The IPV6_2292PKTOPTIONS set handler was missing synchronization, so racing accesses could modify freed memory.

Impact:

A malicious user application could trigger memory corruption, leading to privilege escalation.

References

CVE Name	CVE-2020-7457
FreeBSD Advisory	SA-20:20.ipv6

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.