← Back

CVE-2021-29628

nvd nist
Published: May 28, 2021Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

In FreeBSD 13.0-STABLE before n245764-876ffe28796c, 12.2-STABLE before r369857, 13.0-RELEASE before p1, and 12.2-RELEASE before p7, a system call triggering a fault could cause SMAP protections to be disabled for the duration of the system call. This weakness could be combined with other kernel bugs to craft an exploit.

Affected (13)

Products: Freebsd: Freebsd
Freebsd
1 product
Freebsd
Configuration A
13 vulnerable
Vulnerable SoftwareAffected Versions
Freebsd
Freebsd
Version 12.2
Freebsd
Version 12.2 beta1-p1
Freebsd
Version 12.2 p1
Freebsd
Version 12.2 p2
Freebsd
Version 12.2 p3
Freebsd
Version 12.2 p4
Freebsd
Version 12.2 p5
Freebsd
Version 12.2 p6
Freebsd
Version 13.0
Freebsd
Version 13.0 beta3-p1
Freebsd
Version 13.0 rc3
Freebsd
Version 13.0 rc4
Freebsd
Version 13.0 rc5-p1

Related CWEs

CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (4)

Source: secteam@freebsd.org
ExploitVendor Advisory
Source: secteam@freebsd.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.