Race Condition in FreeBSD Cryptodev Module Allows Arbitrary Kernel Memory Overwrite

Race Condition in FreeBSD Cryptodev Module Allows Arbitrary Kernel Memory Overwrite

CVE-2019-15879 · HIGH Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

In FreeBSD 12.1-STABLE before r356908, 12.1-RELEASE before p5, 11.3-STABLE before r356908, and 11.3-RELEASE before p9, a race condition in the cryptodev module permitted a data structure in the kernel to be used after it was freed, allowing an unprivileged process can overwrite arbitrary kernel memory.

Learn more about our Web Application Penetration Testing UK.