Description
FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which allows local users to bypass intended access restrictions to cause a denial of service, obtain sensitive information, and possibly gain privileges.
References (1)
Core 1
Core References
Broken Link vendor-advisory
x_refsource_freebsd
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:03.amd64.asc
Scores
CVSS v3
7.8
EPSS
0.0038
EPSS Percentile
29.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-909
Status
published
Products (1)
freebsd/freebsd
5.0 - 5.4
Published
May 02, 2005
Tracked Since
Feb 18, 2026