CVE-2019-5596

Published: Feb 12, 2019Modified: Jun 17, 2026

8.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 2.0 / Impact: 6.0

Source: NVD

Description

In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released potentially allowing a malicious local user to gain root privileges or escape from a jail.

Affected (2)

Products: Freebsd: Freebsd

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Freebsd Freebsd	Version 11.2
Freebsd Freebsd	Version 12.0

References (4)

http://packetstormsecurity.com/files/155790/FreeBSD-fd-Privilege-Escalation.html

Source: secteam@freebsd.org

https://security.FreeBSD.org/advisories/FreeBSD-SA-19:02.fd.asc

Source: secteam@freebsd.org

PatchThird Party Advisory

http://packetstormsecurity.com/files/155790/FreeBSD-fd-Privilege-Escalation.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.FreeBSD.org/advisories/FreeBSD-SA-19:02.fd.asc

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.