Описание
In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD before 7, a NULL pointer dereference was found in the Linux emulation layer that allows attackers to crash the running kernel. During binary interaction, td->td_emuldata in sys/compat/linux/linux_emul.h is not getting initialized and returns NULL from em_find().
Ссылки
- Vendor Advisory
- Release NotesVendor Advisory
- Vendor Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.2.6 (исключая)Версия от 1.3 (включая) до 2020-08-19 (включая)
Одно из
cpe:2.3:a:midnightbsd:midnightbsd:*:*:*:*:*:*:*:*
cpe:2.3:a:midnightbsd:midnightbsd:*:*:*:*:*:*:*:*
Конфигурация 2Версия до 7.0 (включая)
cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
EPSS
Процентиль: 10%
0.00036
Низкий
5.5 Medium
CVSS3
4.9 Medium
CVSS2
Дефекты
CWE-476
Связанные уязвимости
github
больше 3 лет назад
In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD before 7, a NULL pointer dereference was found in the Linux emulation layer that allows attackers to crash the running kernel. During binary interaction, td->td_emuldata in sys/compat/linux/linux_emul.h is not getting initialized and returns NULL from em_find().
EPSS
Процентиль: 10%
0.00036
Низкий
5.5 Medium
CVSS3
4.9 Medium
CVSS2
Дефекты
CWE-476