CVE-2021-29626

EPSS 0.14%
Published 07.04.2021 15:15:13
Last modified 21.11.2024 06:01:31
Source secteam@freebsd.org
Teams watchlist Login
Open Login

In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11.4-STABLE before r369559, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, copy-on-write logic failed to invalidate shared memory page mappings between multiple processes allowing an unprivileged process to maintain a mapping after it is freed, allowing the process to read private data belonging to other processes or the kernel.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Freebsd ≫ Freebsd Version < 11.4

Freebsd ≫ Freebsd Version >= 12.0 < 12.2

Freebsd ≫ Freebsd Version11.4 Update-

Freebsd ≫ Freebsd Version11.4 Updatebeta1

Freebsd ≫ Freebsd Version11.4 Updatep1

Freebsd ≫ Freebsd Version11.4 Updatep2

Freebsd ≫ Freebsd Version11.4 Updatep3

Freebsd ≫ Freebsd Version11.4 Updatep4

Freebsd ≫ Freebsd Version11.4 Updatep5

Freebsd ≫ Freebsd Version11.4 Updaterc1

Freebsd ≫ Freebsd Version11.4 Updaterc2

Freebsd ≫ Freebsd Version12.2 Update-

Freebsd ≫ Freebsd Version12.2 Updatep1

Freebsd ≫ Freebsd Version12.2 Updatep2

Freebsd ≫ Freebsd Version13.0 Updatebeta1

Freebsd ≫ Freebsd Version13.0 Updatebeta2

Freebsd ≫ Freebsd Version13.0 Updatebeta3

Freebsd ≫ Freebsd Version13.0 Updatebeta4

Freebsd ≫ Freebsd Version13.0 Updaterc1

Freebsd ≫ Freebsd Version13.0 Updaterc2

Freebsd ≫ Freebsd Version13.0 Updaterc3

Freebsd ≫ Freebsd Version13.0 Updaterc4

Freebsd ≫ Freebsd Version13.0 Updaterc5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.14%	0.345

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://security.FreeBSD.org/advisories/FreeBSD-SA-21:08.vm.asc

Vendor Advisory

https://security.netapp.com/advisory/ntap-20210423-0008/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-29626

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-29626

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-29626

EUVD