11.4

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

freebsd

CWE-416

NVD

Published: 2021-03-26

Updated: 2021-04-02

Summary

In 11.4-PRERELEASE before r360733 and 11.3-RELEASE before p13, improper mbuf handling in the kernel causes a use-after-free bug by sending IPv6 Hop-by-Hop options over the loopback interface. The use-after-free situation may result in unintended kernel behaviour including a kernel panic.

Vulnerable Configurations

Part	Description	Count
OS	Freebsd Freebsd Freebsd 11.3 Freebsd Freebsd 11.4	14

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://security.FreeBSD.org/advisories/FreeBSD-SA-20:24.ipv6.asc