FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
6b90acba-6a0a-11ea-92ab-00163e433440FreeBSD -- Kernel memory disclosure with nested jails

Problem Description:

A missing NUL-termination check for the jail_set(2) configration option "osrelease" may return more bytes when reading the jail configuration back with jail_get(2) than were originally set.

Impact:

For jails with a non-default setting of children.max > 0 ("nested jails") a superuser inside a jail can create a jail and may be able to read and take advantage of exposed kernel memory.


Discovery 2020-03-19
Entry 2020-03-19
FreeBSD-kernel
ge 12.1 lt 12.1_3

ge 11.3 lt 11.3_7

CVE-2020-7453
SA-20:08.jail