vulnerability

FreeBSD: VID-9eb01384-d793-11ea-88f8-901b0ef719ab (CVE-2020-7459): FreeBSD -- Potential memory corruption in USB network device drivers

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:N/C:P/I:P/A:P)	Aug 6, 2020	Aug 6, 2020	Dec 10, 2025

Severity

CVSS

(AV:L/AC:L/Au:N/C:P/I:P/A:P)

Published

Aug 6, 2020

Added

Aug 6, 2020

Modified

Dec 10, 2025

Description

Problem Description: A missing length validation code common to these three drivers means that a malicious USB device could write beyond the end of an allocated network packet buffer. Impact: An attacker with physical access to a USB port and the ability to bring a network interface up may be able to use a specially crafted USB device to gain kernel or user-space code execution.

Solutions

freebsd-upgrade-base-12_1-release-p8freebsd-upgrade-base-11_4-release-p2freebsd-upgrade-base-11_3-release-p12

References

CVE-2020-7459
https://attackerkb.com/topics/CVE-2020-7459
CWE-20

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today