CVE-2019-15879

HIGH

FreeBSD <12.1-STABLE r356908, 11.3-STABLE r356908 - Use After Free

Title source: llm

Description

In FreeBSD 12.1-STABLE before r356908, 12.1-RELEASE before p5, 11.3-STABLE before r356908, and 11.3-RELEASE before p9, a race condition in the cryptodev module permitted a data structure in the kernel to be used after it was freed, allowing an unprivileged process can overwrite arbitrary kernel memory.

References (2)

Scores

CVSS v3 7.4
EPSS 0.0033
EPSS Percentile 55.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

Classification

CWE
CWE-772 CWE-362
Status published

Affected Products (14)

freebsd/freebsd
freebsd/freebsd
freebsd/freebsd
freebsd/freebsd
freebsd/freebsd
freebsd/freebsd
freebsd/freebsd
freebsd/freebsd
freebsd/freebsd
freebsd/freebsd
freebsd/freebsd
freebsd/freebsd
freebsd/freebsd
freebsd/freebsd

Timeline

Published May 13, 2020
Tracked Since Feb 18, 2026