This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-24 21:00:48 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
5027b62e-f680-11e9-a87f-a4badb2f4699 | FreeBSD -- kernel memory disclosure from /dev/midistatProblem Description:The kernel driver for /dev/midistat implements a handler for read(2). This handler is not thread-safe, and a multi-threaded program can exploit races in the handler to cause it to copy out kernel memory outside the boundaries of midistat's data buffer. Impact:The races allow a program to read kernel memory within a 4GB window centered at midistat's data buffer. The buffer is allocated each time the device is opened, so an attacker is not limited to a static 4GB region of memory. On 32-bit platforms, an attempt to trigger the race may cause a page fault in kernel mode, leading to a panic. Discovery 2019-08-20 Entry 2019-10-24 FreeBSD-kernel ge 12.0 lt 12.0_10 ge 11.3 lt 11.3_3 ge 11.2 lt 11.2_14 CVE-2019-5612 SA-19:23.midi |