11.4

CVSS 4.9 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

local

low complexity

freebsd

CWE-416

NVD

Published: 2021-03-26

Updated: 2021-04-02

Summary

In 11.4-PRERELEASE before r360733 and 11.3-RELEASE before p13, improper mbuf handling in the kernel causes a use-after-free bug by sending IPv6 Hop-by-Hop options over the loopback interface. The use-after-free situation may result in unintended kernel behaviour including a kernel panic.

Vulnerable Configurations

Part	Description	Count
OS	Freebsd Freebsd Freebsd 11.3 Freebsd Freebsd 11.4	14

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://security.FreeBSD.org/advisories/FreeBSD-SA-20:24.ipv6.asc