CVE-2020-7462

In 11.4-PRERELEASE before r360733 and 11.3-RELEASE before p13, improper mbuf handling in the kernel causes a use-after-free bug by sending IPv6 Hop-by-Hop options over the loopback interface. The use-after-free situation may result in unintended kernel behaviour including a kernel panic.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
freebsdCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
VendorProductVersion
freebsdfreebsd
11.3
freebsdfreebsd
11.3:p1
freebsdfreebsd
11.3:p10
freebsdfreebsd
11.3:p11
freebsdfreebsd
11.3:p12
freebsdfreebsd
11.3:p2
freebsdfreebsd
11.3:p3
freebsdfreebsd
11.3:p4
freebsdfreebsd
11.3:p5
freebsdfreebsd
11.3:p6
freebsdfreebsd
11.3:p7
freebsdfreebsd
11.3:p8
freebsdfreebsd
11.3:p9
freebsdfreebsd
11.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:24.ipv6.asc
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:24.ipv6.asc