7.8

CVE-2019-5612

In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel driver for /dev/midistat implements a read handler that is not thread-safe. A multi-threaded program can exploit races in the handler to copy out kernel memory outside the boundaries of midistat's data buffer.

Data is provided by the National Vulnerability Database (NVD)
FreebsdFreebsd Version11.2 Update-
FreebsdFreebsd Version11.2 Updatep10
FreebsdFreebsd Version11.2 Updatep11
FreebsdFreebsd Version11.2 Updatep12
FreebsdFreebsd Version11.2 Updatep13
FreebsdFreebsd Version11.2 Updatep2
FreebsdFreebsd Version11.2 Updatep3
FreebsdFreebsd Version11.2 Updatep4
FreebsdFreebsd Version11.2 Updatep5
FreebsdFreebsd Version11.2 Updatep6
FreebsdFreebsd Version11.2 Updatep7
FreebsdFreebsd Version11.2 Updatep8
FreebsdFreebsd Version11.2 Updatep9
FreebsdFreebsd Version11.3
FreebsdFreebsd Version11.3 Update-
FreebsdFreebsd Version11.3 Updatep1
FreebsdFreebsd Version11.3 Updatep2
FreebsdFreebsd Version11.3 Updatep3
FreebsdFreebsd Version12.0 Update-
FreebsdFreebsd Version12.0 Updatep1
FreebsdFreebsd Version12.0 Updatep3
FreebsdFreebsd Version12.0 Updatep4
FreebsdFreebsd Version12.0 Updatep5
FreebsdFreebsd Version12.0 Updatep8
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.3% 0.502
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.