FreeBSD: VID-8EED0C5C-3482-11EB-B87A-901B0EF719AB (CVE-2020-7469): FreeBSD -- ICMPv6 use-after-free in error message handling
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From VID-8EED0C5C-3482-11EB-B87A-901B0EF719AB:
Problem Description:
When an ICMPv6 error message is received, the FreeBSD ICMPv6 stack
may extract information from the message to hand to upper-layer
protocols. As a part of this operation, it may parse IPv6 header
options from a packet embedded in the ICMPv6 message.
The handler for a routing option caches a pointer into the packet
buffer holding the ICMPv6 message. However, when processing
subsequent options the packet buffer may be freed, rendering the
cached pointer invalid. The network stack may later dereference the
pointer, potentially triggering a use-after-free.
Impact:
A remote host may be able to trigger a read of freed kernel memory.
This may trigger a kernel panic if the address had been unmapped.
Solution(s)
- freebsd-upgrade-base-11_4-release-p5
- freebsd-upgrade-base-12_1-release-p11
- freebsd-upgrade-base-12_2-release-p1
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center