U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:freebsd:freebsd:10.1:p4:*:*:*:*:*:*
  • CPE Name Search: true
There are 87 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2021-29626

In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11.4-STABLE before r369559, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, copy-on-write logic failed to invalidate shared memory page mappings between multiple processes allowing an unprivileged process to maintain a mapping after it is freed, allowing the process to read private data belonging to other processes or the kernel.

Published: April 07, 2021; 11:15:13 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2020-25584

In FreeBSD 13.0-STABLE before n245118, 12.2-STABLE before r369552, 11.4-STABLE before r369560, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, a superuser inside a FreeBSD jail configured with the non-default allow.mount permission could cause a race condition between the lookup of ".." and remounting a filesystem, allowing access to filesystem hierarchy outside of the jail.

Published: April 07, 2021; 11:15:13 AM -0400
V3.1: 7.5 HIGH
V2.0: 6.2 MEDIUM
CVE-2020-24718

bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP.

Published: September 25, 2020; 12:23:04 AM -0400
V3.1: 8.2 HIGH
V2.0: 7.2 HIGH
CVE-2020-24863

A memory corruption vulnerability was found in the kernel function kern_getfsstat in MidnightBSD before 1.2.7 and 1.3 through 2020-08-19, and FreeBSD through 11.4, that allows an attacker to trigger an invalid free and crash the system via a crafted size value in conjunction with an invalid mode.

Published: September 03, 2020; 11:15:11 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2020-10566

grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, mishandles font loading by a guest through a grub2.cfg file, leading to a buffer overflow.

Published: March 13, 2020; 9:15:12 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2020-10565

grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command (read_* or write_*) by a guest through a grub2.cfg file. This allows an untrusted guest to perform arbitrary read or write operations in the context of the grub-bhyve process, resulting in code execution as root on the host OS.

Published: March 13, 2020; 9:15:12 PM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2018-17160

In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by bhyve can permit a guest operating system to overwrite memory in the bhyve host possibly permitting arbitrary code execution. A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root.

Published: December 04, 2018; 4:29:00 PM -0500
V3.0: 10.0 CRITICAL
V2.0: 10.0 HIGH
CVE-2018-17159

In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS server lacks a bounds check in the READDIRPLUS NFS request. Unprivileged remote users with access to the NFS server can cause a resource exhaustion by forcing the server to allocate an arbitrarily large memory allocation.

Published: December 04, 2018; 10:29:00 AM -0500
V3.0: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2018-17158

In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address length field in an NFSv4 request. Unprivileged remote users with access to the NFS server can crash the system by sending a specially crafted NFSv4 request.

Published: December 04, 2018; 10:29:00 AM -0500
V3.0: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2018-17157

In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error when handling opcodes can cause memory corruption by sending a specially crafted NFSv4 request. Unprivileged remote users with access to the NFS server may be able to execute arbitrary code.

Published: December 04, 2018; 10:29:00 AM -0500
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2018-17156

In FreeBSD before 11.2-STABLE(r340268) and 11.2-RELEASE-p5, due to incorrectly accounting for padding on 64-bit platforms, a buffer underwrite could occur when constructing an ICMP reply packet when using a non-standard value for the net.inet.icmp.quotelen sysctl.

Published: November 28, 2018; 11:29:00 AM -0500
V3.0: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-6925

In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985), and 10.4-RELEASE-p13, due to improper maintenance of IPv6 protocol control block flags through various failure paths, an unprivileged authenticated local user may be able to cause a NULL pointer dereference causing the kernel to crash.

Published: September 28, 2018; 9:29:01 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2018-17155

In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338984), and 10.4-RELEASE-p13, due to insufficient initialization of memory copied to userland in the getcontext and swapcontext system calls, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts privileged kernel data.

Published: September 28, 2018; 9:29:00 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2018-17154

In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and 11.1-RELEASE-p15, due to insufficient memory checking in the freebsd4_getfsstat system call, a NULL pointer dereference can occur. Unprivileged authenticated local users may be able to cause a denial of service.

Published: September 28, 2018; 9:29:00 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2017-1085

In FreeBSD before 11.2-RELEASE, an application which calls setrlimit() to increase RLIMIT_STACK may turn a read-only memory region below the stack into a read-write region. A specially crafted executable could be exploited to execute arbitrary code in the user context.

Published: September 12, 2018; 10:29:00 AM -0400
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2017-1084

In FreeBSD before 11.2-RELEASE, multiple issues with the implementation of the stack guard-page reduce the protections afforded by the guard-page. This results in the possibility a poorly written process could be cause a stack overflow.

Published: September 12, 2018; 10:29:00 AM -0400
V3.0: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2017-1083

In FreeBSD before 11.2-RELEASE, a stack guard-page is available but is disabled by default. This results in the possibility a poorly written process could be cause a stack overflow.

Published: September 12, 2018; 10:29:00 AM -0400
V3.0: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2017-1082

In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the qsort algorithm has a deterministic recursion pattern. Feeding a pathological input to the algorithm can lead to excessive stack usage and potential overflow. Applications that use qsort to handle large data set may crash if the input follows the pathological pattern.

Published: September 12, 2018; 10:29:00 AM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-6559

Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by FreeBSD developers, it is very unlikely that applications exist that utilize link_ntoa() in an exploitable manner, and the CERT/CC is not aware of any proof of concept. A blog post describes the functionality of link_ntoa() and points out that none of the base utilities use this function in an exploitable manner. For more information, please see FreeBSD Security Advisory SA-16:37.

Published: July 13, 2018; 4:29:00 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2018-6920

In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE(r332321), and 10.4-RELEASE-p9, due to insufficient initialization of memory copied to userland in the Linux subsystem and Atheros wireless driver, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data.

Published: May 08, 2018; 3:29:00 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW