CVE-2020-7452

In FreeBSD 12.1-STABLE before r357490, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r357489, and 11.3-RELEASE before 11.3-RELEASE-p7, incorrect use of a user-controlled pointer in the epair virtual network module allowed vnet jailed privileged users to panic the host system and potentially execute arbitrary code in the kernel.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
freebsdCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
VendorProductVersion
freebsdfreebsd
11.3
freebsdfreebsd
11.3:p1
freebsdfreebsd
11.3:p2
freebsdfreebsd
11.3:p3
freebsdfreebsd
11.3:p4
freebsdfreebsd
11.3:p5
freebsdfreebsd
11.3:p6
freebsdfreebsd
12.1
freebsdfreebsd
12.1:p1
freebsdfreebsd
12.1:p2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:07.epair.asc
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:07.epair.asc