This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-25 11:22:49 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
f8e1e2a6-9791-11eb-b87a-901b0ef719ab | FreeBSD -- double free in accept_filter(9) socket configuration interfaceProblem Description:An unprivileged process can configure an accept filter on a listening socket. This is done using the setsockopt(2) system call. The process supplies the name of the accept filter which is to be attached to the socket, as well as a string containing filter-specific information. If the filter implements the accf_create callback, the socket option handler attempts to preserve the process-supplied argument string. A bug in the socket option handler caused this string to be freed prematurely, leaving a dangling pointer. Additional operations on the socket can turn this into a double free or a use-after-free. Impact:The bug may be exploited to trigger local privilege escalation or kernel memory disclosure. Discovery 2021-04-06 Entry 2021-04-07 FreeBSD-kernel ge 12.2 lt 12.2_6 CVE-2021-29627 SA-21:09.accept_filter |