CVE-2020-7463
Severity: MEDIUM
FreeBSD Use-After-Free via SCTP Socket User Messages
In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel leads to a use-after-free when large user messages are sent from multiple threads on the same SCTP socket. The use-after-free may result in unintended kernel behaviour, including a kernel panic.
References (13)
- Vendor Advisory (x_refsource_misc): https://security.FreeBSD.org/advisories/FreeBSD-SA-20:25.sctp.asc
- Third Party Advisory (x_refsource_confirm): https://support.apple.com/kb/HT212317
- Third Party Advisory (x_refsource_confirm): https://support.apple.com/kb/HT212319
- Third Party Advisory (x_refsource_confirm): https://support.apple.com/kb/HT212325
- Third Party Advisory (x_refsource_confirm): https://support.apple.com/kb/HT212323
- Third Party Advisory (x_refsource_confirm): https://support.apple.com/kb/HT212324
- Third Party Advisory (x_refsource_confirm): https://support.apple.com/kb/HT212321
- Third Party Advisory (x_refsource_confirm): https://support.apple.com/kb/HT212318
- Mailing List, Third Party Advisory (x_refsource_fulldisc): http://seclists.org/fulldisclosure/2021/Apr/49
- Mailing List, Third Party Advisory (x_refsource_fulldisc): http://seclists.org/fulldisclosure/2021/Apr/50
- Mailing List, Third Party Advisory (x_refsource_fulldisc): http://seclists.org/fulldisclosure/2021/Apr/59
- Mailing List, Third Party Advisory (x_refsource_fulldisc): http://seclists.org/fulldisclosure/2021/Apr/58
- Mailing List, Third Party Advisory (x_refsource_fulldisc): http://seclists.org/fulldisclosure/2021/Apr/57
Scores
CVSS v3: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Attack Vector: LOCAL
EPSS: 0.0005 (percentile 15.5%)
Details
CWE: CWE-416
Status: published
Products (12)
- apple/icloud < 12.3
- apple/ipados < 14.5
- apple/iphone_os < 14.5
- apple/itunes < 12.11.3
- apple/macos 11.0 - 11.3
- apple/safari < 14.1
- apple/tvos < 14.5
- apple/watchos < 7.4
- freebsd/freebsd 11.3 (13 CPE variants)
- freebsd/freebsd 11.4 (3 CPE variants)
- ... and 2 more
Published: Mar 26, 2021
Tracked Since: Feb 18, 2026