CVE-2019-15879

HIGH

FreeBSD <12.1-STABLE r356908, 11.3-STABLE r356908 - Use After Free

Title source: llm
STIX 2.1

Description

In FreeBSD 12.1-STABLE before r356908, 12.1-RELEASE before p5, 11.3-STABLE before r356908, and 11.3-RELEASE before p9, a race condition in the cryptodev module permitted a data structure in the kernel to be used after it was freed, allowing an unprivileged process can overwrite arbitrary kernel memory.

References (2)

Scores

CVSS v3 7.4
EPSS 0.0033
EPSS Percentile 55.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

Details

CWE
CWE-772 CWE-362
Status published
Products (2)
freebsd/freebsd 11.3 (9 CPE variants)
freebsd/freebsd 12.1 (5 CPE variants)
Published May 13, 2020
Tracked Since Feb 18, 2026