CVE-2020-25584

In FreeBSD 13.0-STABLE before n245118, 12.2-STABLE before r369552, 11.4-STABLE before r369560, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, a superuser inside a FreeBSD jail configured with the non-default allow.mount permission could cause a race condition between the lookup of ".." and remounting a filesystem, allowing access to filesystem hierarchy outside of the jail.
Race Condition
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
freebsdCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
VendorProductVersion
freebsdfreebsd
𝑥
< 11.4
freebsdfreebsd
12.0 ≤
𝑥
< 12.2
freebsdfreebsd
11.4
freebsdfreebsd
11.4:beta1
freebsdfreebsd
11.4:p1
freebsdfreebsd
11.4:p2
freebsdfreebsd
11.4:p3
freebsdfreebsd
11.4:p4
freebsdfreebsd
11.4:p5
freebsdfreebsd
11.4:rc1
freebsdfreebsd
11.4:rc2
freebsdfreebsd
12.2
freebsdfreebsd
12.2:p1
freebsdfreebsd
12.2:p2
freebsdfreebsd
13.0:beta1
freebsdfreebsd
13.0:beta2
freebsdfreebsd
13.0:beta3
freebsdfreebsd
13.0:beta4
freebsdfreebsd
13.0:rc1
freebsdfreebsd
13.0:rc2
freebsdfreebsd
13.0:rc3
freebsdfreebsd
13.0:rc4
freebsdfreebsd
13.0:rc5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security.FreeBSD.org/advisories/FreeBSD-SA-21:10.jail_mount.asc
https://security.netapp.com/advisory/ntap-20210423-0009/
https://security.FreeBSD.org/advisories/FreeBSD-SA-21:10.jail_mount.asc
https://security.netapp.com/advisory/ntap-20210423-0009/