CVE-2021-29628 : In FreeBSD 13.0-STABLE before n245764-876ffe28796c, 12.2-STABLE before r369857,

In FreeBSD 13.0-STABLE before n245764-876ffe28796c, 12.2-STABLE before r369857, 13.0-RELEASE before p1, and 12.2-RELEASE before p7, a system call triggering a fault could cause SMAP protections to be disabled for the duration of the system call. This weakness could be combined with other kernel bugs to craft an exploit.

Published 2021-05-28 15:15:09

Updated 2022-05-16 20:55:21

Source FreeBSD

View at NVD, CVE.org

Products affected by CVE-2021-29628

Freebsd » Freebsd » Version: 12.2
cpe:2.3:o:freebsd:freebsd:12.2:-:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 12.2 Update P1
cpe:2.3:o:freebsd:freebsd:12.2:p1:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 12.2 Update P2
cpe:2.3:o:freebsd:freebsd:12.2:p2:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 13.0 Update RC3
cpe:2.3:o:freebsd:freebsd:13.0:rc3:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 13.0 Update RC4
cpe:2.3:o:freebsd:freebsd:13.0:rc4:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 12.2 Update P3
cpe:2.3:o:freebsd:freebsd:12.2:p3:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 12.2 Update P4
cpe:2.3:o:freebsd:freebsd:12.2:p4:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 13.0 Update Beta3-p1
cpe:2.3:o:freebsd:freebsd:13.0:beta3-p1:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 12.2 Update P5
cpe:2.3:o:freebsd:freebsd:12.2:p5:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 13.0 Update Rc5-p1
cpe:2.3:o:freebsd:freebsd:13.0:rc5-p1:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 12.2 Update P6
cpe:2.3:o:freebsd:freebsd:12.2:p6:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 13.0
cpe:2.3:o:freebsd:freebsd:13.0:-:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 12.2 Update Beta1-p1
cpe:2.3:o:freebsd:freebsd:12.2:beta1-p1:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-29628

EPSS FAQ

0.39%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 58 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-29628

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None

CWE ids for CVE-2021-29628

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-29628

https://security.FreeBSD.org/advisories/FreeBSD-SA-21:11.smap.asc

Exploit;Vendor Advisory
https://security.netapp.com/advisory/ntap-20210713-0002/

CVE-2021-29628 FreeBSD Vulnerability in NetApp Products | NetApp Product Security
Third Party Advisory

Jump to

Vulnerability Details : CVE-2021-29628

Products affected by CVE-2021-29628

Exploit prediction scoring system (EPSS) score for CVE-2021-29628

CVSS scores for CVE-2021-29628

CWE ids for CVE-2021-29628

References for CVE-2021-29628