CVE-2019-5603

HIGH

FreeBSD mqueuefs Improper Resource Shutdown or Release

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-5603. PoCs published by raymontag.

AI-analyzed exploit summary This is a privilege escalation exploit for FreeBSD's mqueuefs vulnerabilities (CVE-2019-5603). It leverages a use-after-free (UaF) condition to manipulate file descriptors and escalate privileges by targeting /etc/libmap.conf.

Description

In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350263, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, system calls operating on file descriptors as part of mqueuefs did not properly release the reference allowing a malicious user to overflow the counter allowing access to files, directories, and sockets opened by processes owned by other users.

Exploits (1)

nomisec WORKING POC 1 stars

by raymontag · poc

https://github.com/raymontag/CVE-2019-5603

View Code ZIP pw:eip

This is a privilege escalation exploit for FreeBSD's mqueuefs vulnerabilities (CVE-2019-5603). It leverages a use-after-free (UaF) condition to manipulate file descriptors and escalate privileges by targeting /etc/libmap.conf.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Racy

Target: FreeBSD (mqueuefs)

No auth needed

Prerequisites: FreeBSD system with vulnerable mqueuefs · Ability to execute code on the target system · Presence of /etc/libmap.conf

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1055 - Process Injection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Vendor Advisory vendor-advisory x_refsource_freebsd

https://security.FreeBSD.org/advisories/FreeBSD-SA-19:15.mqueuefs.asc

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/153752/FreeBSD-Security-Advisory-FreeBSD-SA-19-15.mqueuefs.html

Third Party Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20190814-0003/

Third Party Advisory vendor-advisory x_refsource_freebsd

https://security.FreeBSD.org/advisories/FreeBSD-SA-19:24.mqueuefs.asc

Broken Link mailing-list x_refsource_bugtraq

https://seclists.org/bugtraq/2019/Aug/35

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/154172/FreeBSD-Security-Advisory-FreeBSD-SA-19-24.mqueuefs.html

Scores

CVSS v3 7.8

EPSS 0.0062

EPSS Percentile 45.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-404

Status published

Products (4)

freebsd/freebsd 11.0

freebsd/freebsd 11.2 (12 CPE variants)

freebsd/freebsd 11.3

freebsd/freebsd 12.0 (8 CPE variants)

Published Jul 26, 2019

Tracked Since Feb 18, 2026