CVE-2020-7453 Information

Description

In FreeBSD 12.1-STABLE before r359021 12.1-RELEASE before 12.1-RELEASE-p3 11.3-STABLE before r359020 and 11.3-RELEASE before 11.3-RELEASE-p7 a missing null termination check in the jail_set configuration option \osrelease\ may return more bytes with a subsequent jail_get system call allowing a malicious jail superuser with permission to create nested jails to read kernel memory.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Reference

https://security.FreeBSD.org/advisories/FreeBSD-SA-20:08.jail.asc

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

NONE

Base Severity

6.0