cve-2021-29626
Vulnerability from cvelistv5
Published
2021-04-07 14:48
Modified
2024-08-03 22:11
Severity ?
EPSS score ?
Summary
In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11.4-STABLE before r369559, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, copy-on-write logic failed to invalidate shared memory page mappings between multiple processes allowing an unprivileged process to maintain a mapping after it is freed, allowing the process to read private data belonging to other processes or the kernel.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secteam@freebsd.org | https://security.FreeBSD.org/advisories/FreeBSD-SA-21:08.vm.asc | Vendor Advisory | |
| secteam@freebsd.org | https://security.netapp.com/advisory/ntap-20210423-0008/ | Third Party Advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:11:06.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:08.vm.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210423-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FreeBSD 12.2-RELEASE before p6, 11.4-RELEASE before p9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11.4-STABLE before r369559, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, copy-on-write logic failed to invalidate shared memory page mappings between multiple processes allowing an unprivileged process to maintain a mapping after it is freed, allowing the process to read private data belonging to other processes or the kernel."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free memory disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-23T05:06:28",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:08.vm.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210423-0008/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2021-29626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "FreeBSD 12.2-RELEASE before p6, 11.4-RELEASE before p9"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11.4-STABLE before r369559, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, copy-on-write logic failed to invalidate shared memory page mappings between multiple processes allowing an unprivileged process to maintain a mapping after it is freed, allowing the process to read private data belonging to other processes or the kernel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free memory disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:08.vm.asc",
"refsource": "MISC",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:08.vm.asc"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210423-0008/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210423-0008/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2021-29626",
"datePublished": "2021-04-07T14:48:32",
"dateReserved": "2021-03-30T00:00:00",
"dateUpdated": "2024-08-03T22:11:06.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-29626\",\"sourceIdentifier\":\"secteam@freebsd.org\",\"published\":\"2021-04-07T15:15:13.700\",\"lastModified\":\"2022-05-27T13:22:42.510\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11.4-STABLE before r369559, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, copy-on-write logic failed to invalidate shared memory page mappings between multiple processes allowing an unprivileged process to maintain a mapping after it is freed, allowing the process to read private data belonging to other processes or the kernel.\"},{\"lang\":\"es\",\"value\":\"En FreeBSD versiones 13.0-STABLE anteriores a n245117, versiones 12.2-STABLE anteriores a r369551, versiones 11.4-STABLE anteriores a r369559, versiones 13.0-RC5 anteriores a p1, versiones 12.2-RELEASE anteriores a p6 y versiones 11.4-RELEASE anteriores a p9, la l\u00f3gica de copy-on-write fallaba al invalidar las asignaciones de p\u00e1ginas de memoria compartida entre m\u00faltiples procesos, permitiendo que un proceso sin privilegios mantuviera una asignaci\u00f3n despu\u00e9s de ser liberada, permitiendo que el proceso leyera datos privados pertenecientes a otros procesos o al kernel\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":2.1},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.4\",\"matchCriteriaId\":\"55C77F87-F478-418A-861F-554D2196090B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0\",\"versionEndExcluding\":\"12.2\",\"matchCriteriaId\":\"17AC6343-11EC-4586-91EB-D7C4D4C1699E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A865EA1-01D7-4E5A-9D13-80780F8A9D7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B80FBD1B-D03E-4408-9150-2F86FAF7F1D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FCA6A72-2A72-45FD-A43D-B5BF7C329121\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"90F9B3CB-3B60-4AA8-9EAF-4F0BE7D27691\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C04EE177-C7D1-4049-B680-F961A27C677F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"218AF216-7B03-4C02-B55F-2316AF14074B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"33266717-0359-4243-868B-B84436E2A89E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B0FB7BE-DB4E-47CE-8B51-C43DC5AADD17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D427061-B399-47BA-865D-9FAB315210CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"73D9C08B-8F5B-40C4-A5BD-B00D2E4C012D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.2:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"62A178A3-6A52-4981-9A27-FB07AD8AF778\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.2:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"54A487B1-E5CE-4C76-87E8-518D24C5D86D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7412DBD8-BB1F-48A8-AAE1-BA5C8D7BDDF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"833DFF5B-BC50-424A-ABCF-EC632F421B76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F27016E-4117-4094-BB7A-9C56E38024D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.0:beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"B149BF69-951D-47B4-996C-9E4773DA75B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC271C93-EB83-4301-B7BA-F3249B71B1EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"04329338-AC28-4A74-BE6B-CE8EC6CC37B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADBA841F-5C83-4759-84B7-B59DA1B12EA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.0:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A8F38B3-A6DA-4178-A2BD-0D4F0267C384\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.0:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BB028A0-70F6-42DA-9E5A-F7AAF74ED45B\"}]}]}],\"references\":[{\"url\":\"https://security.FreeBSD.org/advisories/FreeBSD-SA-21:08.vm.asc\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210423-0008/\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.