CVE-2019-15876 Information

Description

In FreeBSD 12.1-STABLE before r356089, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r356090, and 11.3-RELEASE before 11.3-RELEASE-p7, driver-specific ioctl command handlers in the oce network driver failed to check whether the caller has sufficient privileges, allowing unprivileged users to send passthrough commands to the device firmware.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Reference

https://security.FreeBSD.org/advisories/FreeBSD-SA-20:05.if_oce_ioctl.asc

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

5.5

Base Severity

MEDIUM
