author | Philip Paeps <philip@FreeBSD.org> | 2021-04-07 11:20:52 +0000 |
---|---|---|
committer | Philip Paeps <philip@FreeBSD.org> | 2021-04-07 11:24:14 +0000 |
commit | f5644310b27dc209f0c508945c2630a8cdf3b6ec | |
tree | a357e08eb3ba303b44b2e6a15c1c67a4398e674b /security | |
parent | 5fc1c8e1322f9a3fddf86ad129697cfb01c864ba | |
security/vuxml: add FreeBSD SA-21:08.vm
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 310e7a7b1f6b..b1785c02ef75 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -76,6 +76,41 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="13d37672-9791-11eb-b87a-901b0ef719ab"> + <topic>FreeBSD -- Memory disclosure by stale virtual memory mapping</topic> + <affects> + <package> + <name>FreeBSD-kernel</name> + <range><ge>12.2</ge><lt>12.2_6</lt></range> + <range><ge>11.4</ge><lt>11.4_9</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description:</h1> + <p>A particular case of memory sharing is mishandled in the virtual memory + system. It is possible and legal to establish a relationship where + multiple descendant processes share a mapping which shadows memory of an + ancestor process. In this scenario, when one process modifies memory + through such a mapping, the copy-on-write logic fails to invalidate + other mappings of the source page. These stale mappings may remain even + after the mapped pages have been reused for another purpose.</p> + <h1>Impact:</h1> + <p>An unprivileged local user process can maintain a mapping of a page + after it is freed, allowing that process to read private data belonging + to other processes or the kernel.</p> + </body> + </description> + <references> + <cvename>CVE-2021-29626</cvename> + <freebsdsa>SA-21:08.vm</freebsdsa> + </references> + <dates> + <discovery>2021-04-06</discovery> + <entry>2021-04-07</entry> + </dates> + </vuln> + <vuln vid="dec7e4b6-961a-11eb-9c34-080027f515ea"> <topic>ruby -- XML round-trip vulnerability in REXML</topic> <affects> |
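Review bot: in the new `<affects>` block both `<range>` elements carry a lower bound (`<ge>12.2</ge>` and `<ge>11.4</ge>`), so a FreeBSD-kernel version below 11.4, or a 12.x version below 12.2, matches neither range and this entry will not report it. Please confirm that this is intended and mirrors the releases listed in SA-21:08.vm; if older releases should be flagged as well, the lower bounds need widening, with the 11.x and 12.x ranges kept separate so that a fixed 11.4_9 kernel is not caught by the 12.x range. The upper bounds (`<lt>12.2_6</lt>`, `<lt>11.4_9</lt>`) are also worth checking against the advisory's corrected patch levels, since an off-by-one there either hides an unpatched kernel or keeps flagging a patched one.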