Описание
In FreeBSD 12.1-STABLE before r356606 and 12.1-RELEASE before 12.1-RELEASE-p3, driver specific ioctl command handlers in the ixl network driver failed to check whether the caller has sufficient privileges allowing unprivileged users to trigger updates to the device's non-volatile memory.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:o:freebsd:freebsd:12.1:-:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:12.1:p1:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:12.1:p2:*:*:*:*:*:*
EPSS
Процентиль: 15%
0.00047
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-862
Связанные уязвимости
github
больше 3 лет назад
In FreeBSD 12.1-STABLE before r356606 and 12.1-RELEASE before 12.1-RELEASE-p3, driver specific ioctl command handlers in the ixl network driver failed to check whether the caller has sufficient privileges allowing unprivileged users to trigger updates to the device's non-volatile memory.
EPSS
Процентиль: 15%
0.00047
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-862