CVE-2020-25582

In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 when a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach to it using ptrace(2) before the current working directory is changed.
Race Condition
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.7 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
freebsdCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
VendorProductVersion
freebsdfreebsd
11.4
freebsdfreebsd
11.4:p1
freebsdfreebsd
11.4:p2
freebsdfreebsd
11.4:p3
freebsdfreebsd
11.4:p4
freebsdfreebsd
11.4:p5
freebsdfreebsd
11.4:p6
freebsdfreebsd
11.4:p7
freebsdfreebsd
12.2
freebsdfreebsd
12.2:p1
freebsdfreebsd
12.2:p2
freebsdfreebsd
12.2:p3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security.FreeBSD.org/advisories/FreeBSD-SA-21:05.jail_chdir.asc
https://security.netapp.com/advisory/ntap-20210423-0003/
https://security.FreeBSD.org/advisories/FreeBSD-SA-21:05.jail_chdir.asc
https://security.netapp.com/advisory/ntap-20210423-0003/