vulnerability

FreeBSD: VID-8DB74C04-D794-11EA-88F8-901B0EF719AB (CVE-2020-7460): FreeBSD -- sendmsg(2) privilege escalation

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:M/Au:S/C:C/I:C/A:C)	Aug 5, 2020	Aug 6, 2020	Jan 28, 2025

Severity

CVSS

(AV:L/AC:M/Au:S/C:C/I:C/A:C)

Published

Aug 5, 2020

Added

Aug 6, 2020

Modified

Jan 28, 2025

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From VID-8DB74C04-D794-11EA-88F8-901B0EF719AB:

Problem Description:

When handling a 32-bit sendmsg(2) call, the compat32 subsystem copies the

control message to be transmitted (if any) into kernel memory, and adjusts

alignment of control message headers. The code which performs this work

contained a time-of-check to time-of-use (TOCTOU) vulnerability which allows a

malicious userspace program to modify control message headers after they were

validated by the kernel.

Impact:

The TOCTOU bug can be exploited by an unprivileged malicious userspace program

to trigger privilege escalation.

Solutions

freebsd-upgrade-base-11_3-release-p12freebsd-upgrade-base-11_4-release-p2freebsd-upgrade-base-12_1-release-p8

References

NVD-CVE-2020-7460

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today