vulnerability
FreeBSD: VID-5027b62e-f680-11e9-a87f-a4badb2f4699 (CVE-2019-5612): FreeBSD -- kernel memory disclosure from /dev/midistat
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Oct 24, 2019 | Dec 10, 2025 | Dec 10, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Oct 24, 2019
Added
Dec 10, 2025
Modified
Dec 10, 2025
Description
Problem Description: The kernel driver for /dev/midistat implements a handler for read(2). This handler is not thread-safe, and a multi-threaded program can exploit races in the handler to cause it to copy out kernel memory outside the boundaries of midistat's data buffer. Impact: The races allow a program to read kernel memory within a 4GB window centered at midistat's data buffer. The buffer is allocated each time the device is opened, so an attacker is not limited to a static 4GB region of memory. On 32-bit platforms, an attempt to trigger the race may cause a page fault in kernel mode, leading to a panic.
Solutions
freebsd-upgrade-base-12_0-release-p10freebsd-upgrade-base-11_3-release-p3freebsd-upgrade-base-11_2-release-p14
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.