CVE-2019-15880
https://notcve.org/view.php?id=CVE-2019-15880
In FreeBSD 12.1-STABLE before r356911, and 12.1-RELEASE before p5, insufficient checking in the cryptodev module allocated the size of a kernel buffer based on a user-supplied length, allowing an unprivileged process to trigger a kernel panic.
• https://security.FreeBSD.org/advisories/FreeBSD-SA-20:16.cryptodev.asc
• https://security.netapp.com/advisory/ntap-20200518-0008
• CWE-20: Improper Input Validation
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-15879
https://notcve.org/view.php?id=CVE-2019-15879
In FreeBSD 12.1-STABLE before r356908, 12.1-RELEASE before p5, 11.3-STABLE before r356908, and 11.3-RELEASE before p9, a race condition in the cryptodev module permitted a data structure in the kernel to be used after it was freed, allowing an unprivileged process to overwrite arbitrary kernel memory.
• https://security.FreeBSD.org/advisories/FreeBSD-SA-20:15.cryptodev.asc
• https://security.netapp.com/advisory/ntap-20200518-0005
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
• CWE-772: Missing Release of Resource after Effective Lifetime
CVE-2019-15878
https://notcve.org/view.php?id=CVE-2019-15878
In FreeBSD 12.1-STABLE before r352509, 11.3-STABLE before r352509, and 11.3-RELEASE before p9, an unprivileged local user can trigger a use-after-free situation due to improper checking in SCTP when an application tries to update an SCTP-AUTH shared key.
• https://security.FreeBSD.org/advisories/FreeBSD-SA-20:14.sctp.asc
• https://security.netapp.com/advisory/ntap-20200518-0007
• CWE-416: Use After Free
CVE-2020-7455 – FreeBSD Kernel NAT Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-7455
In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-STABLE before r360973, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, the FTP packet handler in libalias incorrectly calculates some packet lengths, allowing disclosure of small amounts of kernel (for kernel NAT) or natd process space (for userspace natd).
This vulnerability allows local attackers to disclose sensitive information on affected installations of FreeBSD Kernel. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of NAT. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer.
• https://security.FreeBSD.org/advisories/FreeBSD-SA-20:13.libalias.asc
• https://security.netapp.com/advisory/ntap-20200518-0005
• https://www.zerodayinitiative.com/advisories/ZDI-20-661
• CWE-772: Missing Release of Resource after Effective Lifetime
CVE-2020-7454 – FreeBSD Kernel NAT Out-Of-Bounds Access Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-7454
In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5, 11.4-STABLE before r360971, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, libalias does not properly validate packet length, resulting in modules causing an out-of-bounds read/write condition if no checking was built into the module.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of FreeBSD Kernel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of NAT. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer.
• https://security.FreeBSD.org/advisories/FreeBSD-SA-20:12.libalias.asc
• https://security.netapp.com/advisory/ntap-20200518-0005
• https://www.zerodayinitiative.com/advisories/ZDI-20-659
• https://www.zerodayinitiative.com/advisories/ZDI-20-660
• CWE-20: Improper Input Validation
• CWE-787: Out-of-bounds Write