vulnerability

FreeBSD: VID-BB53AF7B-F7E4-11EA-88F8-901B0EF719AB (CVE-2020-7464): FreeBSD -- ure device driver susceptible to packet-in-packet attack

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	Sep 15, 2020	Sep 17, 2020	Apr 5, 2021

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

Sep 15, 2020

Added

Sep 17, 2020

Modified

Apr 5, 2021

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From VID-BB53AF7B-F7E4-11EA-88F8-901B0EF719AB:

Problem Description:

A programming error in the ure(4) device driver caused some Realtek USB

Ethernet interfaces to incorrectly report packets with more than 2048 bytes

in a single USB transfer as having a length of only 2048 bytes.

An adversary can exploit this to cause the driver to misinterpret part of the

payload of a large packet as a separate packet, and thereby inject packets

across security boundaries such as VLANs.

Impact:

An attacker that can send large frames (larger than 2048 bytes in size) to be

received by the host (be it VLAN, or non-VLAN tagged packet), can inject

arbitrary packets to be received and processed by the host. This includes

spoofing packets from other hosts, or injecting packets to other VLANs than

the host is on.

Solution(s)

freebsd-upgrade-base-11_3-release-p14freebsd-upgrade-base-11_4-release-p4freebsd-upgrade-base-12_1-release-p10

References

NVD-CVE-2020-7464

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today