CVE-2021-29628

Exploit

EPSS 0.24%
Published 28.05.2021 15:15:08
Last modified 21.11.2024 06:01:31
Source secteam@freebsd.org
Teams watchlist Login
Open Login

In FreeBSD 13.0-STABLE before n245764-876ffe28796c, 12.2-STABLE before r369857, 13.0-RELEASE before p1, and 12.2-RELEASE before p7, a system call triggering a fault could cause SMAP protections to be disabled for the duration of the system call. This weakness could be combined with other kernel bugs to craft an exploit.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Freebsd ≫ Freebsd Version12.2 Update-

Freebsd ≫ Freebsd Version12.2 Updatebeta1-p1

Freebsd ≫ Freebsd Version12.2 Updatep1

Freebsd ≫ Freebsd Version12.2 Updatep2

Freebsd ≫ Freebsd Version12.2 Updatep3

Freebsd ≫ Freebsd Version12.2 Updatep4

Freebsd ≫ Freebsd Version12.2 Updatep5

Freebsd ≫ Freebsd Version12.2 Updatep6

Freebsd ≫ Freebsd Version13.0 Update-

Freebsd ≫ Freebsd Version13.0 Updatebeta3-p1

Freebsd ≫ Freebsd Version13.0 Updaterc3

Freebsd ≫ Freebsd Version13.0 Updaterc4

Freebsd ≫ Freebsd Version13.0 Updaterc5-p1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.24%	0.465

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://security.FreeBSD.org/advisories/FreeBSD-SA-21:11.smap.asc

Vendor Advisory

Exploit

https://security.netapp.com/advisory/ntap-20210713-0002/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-29628

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-29628

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-29628

EUVD