CVE-2019-5607
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In FreeBSD 12.0-STABLE before r350222, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350223, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, rights transmitted over a domain socket did not properly release a reference on transmission error allowing a malicious user to cause the reference counter to wrap, forcing a free event. This could allow a malicious local user to gain root privileges or escape from a jail.
En FreeBSD versión 12.0-STABLE anterior a r350222, versión 12.0-RELEASE anterior a 12.0-RELEASE-p8, versión 11.3-STABLE anterior a r350223, versión 11.3-RELEASE anterior a 11.3-RELEASE-p1, y versión 11.2-RELEASE anterior a 11.2-RELEASE-p12, los derechos transmitidos por un socket de dominio no liberan apropiadamente una referencia en un error de transmisión permitiendo a un usuario malicioso causar que el contador de referencia se ajuste, forzando una liberación de evento. Esto podría permitir a un usuario local malicioso alcanzar privilegios de root o escapar de una jaula.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-01-07 CVE Reserved
- 2019-07-25 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-404: Improper Resource Shutdown or Release
- CWE-682: Incorrect Calculation
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/153755/FreeBSD-Security-Advisory-FreeBSD-SA-19-17.fd.html | Third Party Advisory |
|
| https://security.netapp.com/advisory/ntap-20190814-0003 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-SA-19:17.fd.asc | 2023-02-01 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 11.0 Search vendor "Freebsd" for product "Freebsd" and version "11.0" | - |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 11.2 Search vendor "Freebsd" for product "Freebsd" and version "11.2" | - |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 11.3 Search vendor "Freebsd" for product "Freebsd" and version "11.3" | - |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 12.0 Search vendor "Freebsd" for product "Freebsd" and version "12.0" | - |
Affected
| ||||||