Vulnerabilities > CVE-2020-24385 - NULL Pointer Dereference vulnerability in multiple products

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
local
low complexity
midnightbsd
freebsd
CWE-476

Summary

In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD before 7, a NULL pointer dereference was found in the Linux emulation layer that allows attackers to crash the running kernel. During binary interaction, td->td_emuldata in sys/compat/linux/linux_emul.h is not getting initialized and returns NULL from em_find().

Vulnerable Configurations

Part Description Count
Application
Midnightbsd
51
OS
Freebsd
422

Common Weakness Enumeration (CWE)