CVE-2019-15879 : In FreeBSD 12.1-STABLE before r356908, 12.1-RELEASE before p5, 11.3-STABLE befor

In FreeBSD 12.1-STABLE before r356908, 12.1-RELEASE before p5, 11.3-STABLE before r356908, and 11.3-RELEASE before p9, a race condition in the cryptodev module permitted a data structure in the kernel to be used after it was freed, allowing an unprivileged process can overwrite arbitrary kernel memory.

Published 2020-05-13 16:15:13

Updated 2020-05-18 05:15:13

Source FreeBSD

View at NVD, CVE.org

Products affected by CVE-2019-15879

Freebsd » Freebsd » Version: 11.3
cpe:2.3:o:freebsd:freebsd:11.3:-:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 11.3 Update P1
cpe:2.3:o:freebsd:freebsd:11.3:p1:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 11.3 Update P2
cpe:2.3:o:freebsd:freebsd:11.3:p2:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 11.3 Update P3
cpe:2.3:o:freebsd:freebsd:11.3:p3:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 11.3 Update P4
cpe:2.3:o:freebsd:freebsd:11.3:p4:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 11.3 Update P5
cpe:2.3:o:freebsd:freebsd:11.3:p5:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 12.1
cpe:2.3:o:freebsd:freebsd:12.1:-:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 12.1 Update P1
cpe:2.3:o:freebsd:freebsd:12.1:p1:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 12.1 Update P2
cpe:2.3:o:freebsd:freebsd:12.1:p2:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 11.3 Update P6
cpe:2.3:o:freebsd:freebsd:11.3:p6:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 11.3 Update P7
cpe:2.3:o:freebsd:freebsd:11.3:p7:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 12.1 Update P3
cpe:2.3:o:freebsd:freebsd:12.1:p3:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 11.3 Update P8
cpe:2.3:o:freebsd:freebsd:11.3:p8:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 12.1 Update P4
cpe:2.3:o:freebsd:freebsd:12.1:p4:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2019-15879

EPSS FAQ

0.33%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 53 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-15879

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.8	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:P	8.6	4.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial
7.4	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H	2.2	5.2	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: High

CWE ids for CVE-2019-15879

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Assigned by: nvd@nist.gov (Primary)
CWE-772 Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-15879

https://security.netapp.com/advisory/ntap-20200518-0005/

May 2020 FreeBSD Vulnerabilities in NetApp Products | NetApp Product Security

CVEs referencing this url
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:15.cryptodev.asc

Vendor Advisory

Jump to

Vulnerability Details : CVE-2019-15879

Products affected by CVE-2019-15879

Exploit prediction scoring system (EPSS) score for CVE-2019-15879

CVSS scores for CVE-2019-15879

CWE ids for CVE-2019-15879

References for CVE-2019-15879