7.5

CVE-2020-25584

In FreeBSD 13.0-STABLE before n245118, 12.2-STABLE before r369552, 11.4-STABLE before r369560, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, a superuser inside a FreeBSD jail configured with the non-default allow.mount permission could cause a race condition between the lookup of ".." and remounting a filesystem, allowing access to filesystem hierarchy outside of the jail.

Data is provided by the National Vulnerability Database (NVD)
FreebsdFreebsd Version < 11.4
FreebsdFreebsd Version >= 12.0 < 12.2
FreebsdFreebsd Version11.4 Update-
FreebsdFreebsd Version11.4 Updatebeta1
FreebsdFreebsd Version11.4 Updatep1
FreebsdFreebsd Version11.4 Updatep2
FreebsdFreebsd Version11.4 Updatep3
FreebsdFreebsd Version11.4 Updatep4
FreebsdFreebsd Version11.4 Updatep5
FreebsdFreebsd Version11.4 Updaterc1
FreebsdFreebsd Version11.4 Updaterc2
FreebsdFreebsd Version12.2 Update-
FreebsdFreebsd Version12.2 Updatep1
FreebsdFreebsd Version12.2 Updatep2
FreebsdFreebsd Version13.0 Updatebeta1
FreebsdFreebsd Version13.0 Updatebeta2
FreebsdFreebsd Version13.0 Updatebeta3
FreebsdFreebsd Version13.0 Updatebeta4
FreebsdFreebsd Version13.0 Updaterc1
FreebsdFreebsd Version13.0 Updaterc2
FreebsdFreebsd Version13.0 Updaterc3
FreebsdFreebsd Version13.0 Updaterc4
FreebsdFreebsd Version13.0 Updaterc5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.04% 0.079
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 0.8 6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov 6.2 1.9 10
AV:L/AC:H/Au:N/C:C/I:C/A:C
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.