FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- IPv6 socket option race condition and use after free

Affected packages
12.1 <= FreeBSD-kernel < 12.1_7
11.4 <= FreeBSD-kernel < 11.4_1
11.3 <= FreeBSD-kernel < 11.3_11

Details

VuXML ID c11ee146-c266-11ea-8659-901b0ef719ab
Discovery 2020-07-09
Entry 2020-07-10

Problem Description:

The IPV6_2292PKTOPTIONS set handler was missing synchronization, so racing accesses could modify freed memory.

Impact:

A malicious user application could trigger memory corruption, leading to privilege escalation.

References

CVE Name CVE-2020-7457
FreeBSD Advisory SA-20:20.ipv6