CVE-2021-29626

EUVD-2021-16102
In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11.4-STABLE before r369559, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, copy-on-write logic failed to invalidate shared memory page mappings between multiple processes allowing an unprivileged process to maintain a mapping after it is freed, allowing the process to read private data belonging to other processes or the kernel.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Affected Products (NVD)
VendorProductVersion
freebsdfreebsd
𝑥
< 11.4
freebsdfreebsd
12.0 ≤
𝑥
< 12.2
freebsdfreebsd
11.4
freebsdfreebsd
11.4:beta1
freebsdfreebsd
11.4:p1
freebsdfreebsd
11.4:p2
freebsdfreebsd
11.4:p3
freebsdfreebsd
11.4:p4
freebsdfreebsd
11.4:p5
freebsdfreebsd
11.4:rc1
freebsdfreebsd
11.4:rc2
freebsdfreebsd
12.2
freebsdfreebsd
12.2:p1
freebsdfreebsd
12.2:p2
freebsdfreebsd
13.0:beta1
freebsdfreebsd
13.0:beta2
freebsdfreebsd
13.0:beta3
freebsdfreebsd
13.0:beta4
freebsdfreebsd
13.0:rc1
freebsdfreebsd
13.0:rc2
freebsdfreebsd
13.0:rc3
freebsdfreebsd
13.0:rc4
freebsdfreebsd
13.0:rc5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security.FreeBSD.org/advisories/FreeBSD-SA-21:08.vm.asc
https://security.netapp.com/advisory/ntap-20210423-0008/
https://security.FreeBSD.org/advisories/FreeBSD-SA-21:08.vm.asc
https://security.netapp.com/advisory/ntap-20210423-0008/