CVE-2020-7452 Information

Description

In FreeBSD 12.1-STABLE before r357490 12.1-RELEASE before 12.1-RELEASE-p3 11.3-STABLE before r357489 and 11.3-RELEASE before 11.3-RELEASE-p7 incorrect use of a user-controlled pointer in the epair virtual network module allowed vnet jailed privileged users to panic the host system and potentially execute arbitrary code in the kernel.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Reference

https://security.FreeBSD.org/advisories/FreeBSD-SA-20:07.epair.asc

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.1