Vulnerabilities > CVE-2021-29627 - Use After Free vulnerability in Freebsd

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

freebsd

CWE-416

NVD

Published: 2021-04-07

Updated: 2022-05-27

Summary

In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socket accept filters implementing the accf_create callback incorrectly freed a process supplied argument string. Additional operations on the socket can lead to a double free or use after free.

Vulnerable Configurations

Part	Description	Count
OS	Freebsd Freebsd Freebsd 12.2 Freebsd Freebsd 13.0 Freebsd Freebsd 12.0 Freebsd Freebsd 12.1	36

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://security.FreeBSD.org/advisories/FreeBSD-SA-21:09.accept_filter.asc
https://security.netapp.com/advisory/ntap-20210423-0007/