vulnerability
FreeBSD: VID-3C10CCDF-6A09-11EA-92AB-00163E433440 (CVE-2019-15876): FreeBSD -- Insufficient oce(4) ioctl(2) privilege checking
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:L/Au:N/C:N/I:P/A:N) | 2020-03-19 | 2020-03-20 | 2020-10-20 |
Severity
2
CVSS
(AV:L/AC:L/Au:N/C:N/I:P/A:N)
Published
2020-03-19
Added
2020-03-20
Modified
2020-10-20
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From VID-3C10CCDF-6A09-11EA-92AB-00163E433440:
Problem Description:
The driver-specific ioctl(2) command handlers in oce(4) failed to
check whether the caller has sufficient privileges to perform the
corresponding operation.
Impact:
The oce(4) handler permits unprivileged users to send passthrough
commands to device firmware.
Solution(s)
freebsd-upgrade-base-11_3-release-p7freebsd-upgrade-base-12_1-release-p3
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.