Date: Thu, 6 Aug 2020 03:31:27 +0000 (UTC) From: Philip Paeps <philip@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r544261 - head/security/vuxml Message-ID: <202008060331.0763VR3H079049@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: philip Date: Thu Aug 6 03:31:27 2020 New Revision: 544261 URL: https://svnweb.freebsd.org/changeset/ports/544261 Log: security/vuxml: add FreeBSD SA-20:23.sendmsg Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Aug 6 03:31:22 2020 (r544260) +++ head/security/vuxml/vuln.xml Thu Aug 6 03:31:27 2020 (r544261) @@ -58,6 +58,40 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="8db74c04-d794-11ea-88f8-901b0ef719ab"> + <topic>FreeBSD -- sendmsg(2) privilege escalation</topic> + <affects> + <package> + <name>FreeBSD-kernel</name> + <range><ge>12.1</ge><lt>12.1_8</lt></range> + <range><ge>11.4</ge><lt>11.4_2</lt></range> + <range><ge>11.3</ge><lt>11.3_12</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <h1>Problem Description:</h1> + <p>When handling a 32-bit sendmsg(2) call, the compat32 subsystem copies the + control message to be transmitted (if any) into kernel memory, and adjusts + alignment of control message headers. The code which performs this work + contained a time-of-check to time-of-use (TOCTOU) vulnerability which allows a + malicious userspace program to modify control message headers after they were + validated by the kernel.</p> + <h1>Impact:</h1> + <p>The TOCTOU bug can be exploited by an unprivileged malicious userspace program + to trigger privilege escalation.</p> + </body> + </description> + <references> + <cvename>CVE-2020-7460</cvename> + <freebsdsa>SA-20:23.sendmsg</freebsdsa> + </references> + <dates> + <discovery>2020-08-05</discovery> + <entry>2020-08-06</entry> + </dates> + </vuln> + <vuln vid="9eb01384-d793-11ea-88f8-901b0ef719ab"> <topic>FreeBSD -- Potential memory corruption in USB network device drivers</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202008060331.0763VR3H079049>