vulnerability

FreeBSD: VID-9EB01384-D793-11EA-88F8-901B0EF719AB (CVE-2020-7459): FreeBSD -- Potential memory corruption in USB network device drivers

Severity: 5
CVSS: (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published: Aug 5, 2020
Added: Aug 6, 2020
Modified: Oct 20, 2020

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.


From VID-9EB01384-D793-11EA-88F8-901B0EF719AB:

Problem Description:

A missing length validation code common to these three drivers means that a malicious USB device could write beyond the end of an allocated network packet buffer.

Impact:

An attacker with physical access to a USB port and the ability to bring a network interface up may be able to use a specially crafted USB device to gain kernel or user-space code execution.



Solution(s)

freebsd-upgrade-base-11_3-release-p12
freebsd-upgrade-base-11_4-release-p2
freebsd-upgrade-base-12_1-release-p8