Products
FreeBSD
freebsd
- *
freebsd
- 1
- 3
- .
- 3
freebsd
- 1
- 3
- .
- 4
freebsd
- 1
- 4
- .
- 0
freebsd
- 1
- 4
- .
- 1
Source
secteam@freebsd.org
Tags
CVE-2024-43102 details
Last Modified : Sept. 5, 2024, 9:23 p.m.
Description
Concurrent removals of certain anonymous shared memory mappings by using the UMTX_SHM_DESTROY sub-request of UMTX_OP_SHM can lead to decreasing the reference count of the object representing the mapping too many times, causing it to be freed too early. A malicious code exercizing the UMTX_SHM_DESTROY sub-request in parallel can panic the kernel or enable further Use-After-Free attacks, potentially including code execution or Capsicum sandbox escape.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10.0 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-416 | Use After Free | Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
10.0
Exploitability Score
3.9
Impact Score
6.0
Base Severity
CRITICAL
Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
References
| URL | Source |
|---|---|
| https://security.freebsd.org/advisories/FreeBSD-SA-24:14.umtx.asc | secteam@freebsd.org |
CPEs
| Type | Vendor | Product | Version | Update | Edition | Language | Software Edition | Target Software | Target Hardware | Other Information |
|---|---|---|---|---|---|---|---|---|---|---|
| o | freebsd | freebsd | / | / | / | / | / | / | / | / |
| o | freebsd | freebsd | 13.3 | - | / | / | / | / | / | / |
| o | freebsd | freebsd | 13.3 | p1 | / | / | / | / | / | / |
| o | freebsd | freebsd | 13.3 | p2 | / | / | / | / | / | / |
| o | freebsd | freebsd | 13.3 | p3 | / | / | / | / | / | / |
| o | freebsd | freebsd | 13.3 | p4 | / | / | / | / | / | / |
| o | freebsd | freebsd | 13.3 | p5 | / | / | / | / | / | / |
| o | freebsd | freebsd | 13.4 | beta3 | / | / | / | / | / | / |
| o | freebsd | freebsd | 14.0 | - | / | / | / | / | / | / |
| o | freebsd | freebsd | 14.0 | beta5 | / | / | / | / | / | / |
| o | freebsd | freebsd | 14.0 | p1 | / | / | / | / | / | / |
| o | freebsd | freebsd | 14.0 | p2 | / | / | / | / | / | / |
| o | freebsd | freebsd | 14.0 | p3 | / | / | / | / | / | / |
| o | freebsd | freebsd | 14.0 | p4 | / | / | / | / | / | / |
| o | freebsd | freebsd | 14.0 | p5 | / | / | / | / | / | / |
| o | freebsd | freebsd | 14.0 | p6 | / | / | / | / | / | / |
| o | freebsd | freebsd | 14.0 | p7 | / | / | / | / | / | / |
| o | freebsd | freebsd | 14.0 | p8 | / | / | / | / | / | / |
| o | freebsd | freebsd | 14.0 | p9 | / | / | / | / | / | / |
| o | freebsd | freebsd | 14.0 | rc3 | / | / | / | / | / | / |
| o | freebsd | freebsd | 14.0 | rc4-p1 | / | / | / | / | / | / |
| o | freebsd | freebsd | 14.1 | - | / | / | / | / | / | / |
| o | freebsd | freebsd | 14.1 | p1 | / | / | / | / | / | / |
| o | freebsd | freebsd | 14.1 | p2 | / | / | / | / | / | / |
| o | freebsd | freebsd | 14.1 | p3 | / | / | / | / | / | / |