CVE-2019-5606
HIGHFreeBSD Use-After-Free in posix_openpt Descriptor Close
Title source: llmDescription
In FreeBSD 12.0-STABLE before r349805, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r349806, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, code which handles close of a descriptor created by posix_openpt fails to undo a signal configuration. This causes an incorrect signal to be raised leading to a write after free of kernel memory allowing a malicious user to gain root privileges or escape a jail.
References (3)
Core 3
Core References
Vendor Advisory vendor-advisory
x_refsource_freebsd
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:13.pts.asc
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/153748/FreeBSD-Security-Advisory-FreeBSD-SA-19-13.pts.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190814-0003/
Scores
CVSS v3
7.8
EPSS
0.0007
EPSS Percentile
21.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (4)
freebsd/freebsd
11.0
freebsd/freebsd
11.2
freebsd/freebsd
11.3
freebsd/freebsd
12.0
Published
Jul 26, 2019
Tracked Since
Feb 18, 2026