This page displays vulnerability information about FreeBSD Ports.
The last vuln.xml file processed by FreshPorts is:
nothing found there
List all Vulnerabilities, by package
List all Vulnerabilities, by date
These are the vulnerabilities relating to the commit you have selected:
|8db74c04-d794-11ea-88f8-901b0ef719ab||FreeBSD -- sendmsg(2) privilege escalation|
When handling a 32-bit sendmsg(2) call, the compat32 subsystem copies the control message to be transmitted (if any) into kernel memory, and adjusts alignment of control message headers. The code which performs this work contained a time-of-check to time-of-use (TOCTOU) vulnerability which allows a malicious userspace program to modify control message headers after they were validated by the kernel.
The TOCTOU bug can be exploited by an unprivileged malicious userspace program to trigger privilege escalation.
ge 12.1 lt 12.1_8
ge 11.4 lt 11.4_2
ge 11.3 lt 11.3_12