What is CVE-2020-25584?

CVE-2020-25584 is a vulnerability in FreeBSD that allows a superuser inside a FreeBSD jail with the non-default allow.mount permission to cause a race condition.

What is the severity of CVE-2020-25584?

CVE-2020-25584 has a severity level of 7.5 (High).

Which versions of FreeBSD are affected by CVE-2020-25584?

FreeBSD versions 11.4-RELEASE before p9, 11.4-STABLE before r369560, 12.2-RELEASE before p6, 12.2-STABLE before r369552, and 13.0-STABLE before n245118 are affected by CVE-2020-25584.

How can I fix CVE-2020-25584?

To fix CVE-2020-25584, it is recommended to update to FreeBSD versions that include the relevant patches.

Where can I find more information about CVE-2020-25584?

You can find more information about CVE-2020-25584 in the advisories provided by FreeBSD and NetApp.

Vulnerability/
CVE-2020-25584

high

7.5

CWE

362

7/4/2021

3/6/2021

CVE-2020-25584: Race Condition

First published: Wed Apr 07 2021(Updated: )

In FreeBSD 13.0-STABLE before n245118, 12.2-STABLE before r369552, 11.4-STABLE before r369560, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, a superuser inside a FreeBSD jail configured with the non-default allow.mount permission could cause a race condition between the lookup of ".." and remounting a filesystem, allowing access to filesystem hierarchy outside of the jail.

Credit: secteam@freebsd.org

Affected Software	Affected Version	How to fix
FreeBSD FreeBSD	<11.4
FreeBSD FreeBSD	>=12.0<12.2
FreeBSD FreeBSD	=11.4
FreeBSD FreeBSD	=11.4-beta1
FreeBSD FreeBSD	=11.4-p1
FreeBSD FreeBSD	=11.4-p2
FreeBSD FreeBSD	=11.4-p3
FreeBSD FreeBSD	=11.4-p4
FreeBSD FreeBSD	=11.4-p5
FreeBSD FreeBSD	=11.4-rc1
FreeBSD FreeBSD	=11.4-rc2
FreeBSD FreeBSD	=12.2
FreeBSD FreeBSD	=12.2-p1
FreeBSD FreeBSD	=12.2-p2
FreeBSD FreeBSD	=13.0-beta1
FreeBSD FreeBSD	=13.0-beta2
FreeBSD FreeBSD	=13.0-beta3
FreeBSD FreeBSD	=13.0-beta4
FreeBSD FreeBSD	=13.0-rc1
FreeBSD FreeBSD	=13.0-rc2
FreeBSD FreeBSD	=13.0-rc3
FreeBSD FreeBSD	=13.0-rc4
FreeBSD FreeBSD	=13.0-rc5

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-25584?
CVE-2020-25584 is a vulnerability in FreeBSD that allows a superuser inside a FreeBSD jail with the non-default allow.mount permission to cause a race condition.
What is the severity of CVE-2020-25584?
CVE-2020-25584 has a severity level of 7.5 (High).
Which versions of FreeBSD are affected by CVE-2020-25584?
FreeBSD versions 11.4-RELEASE before p9, 11.4-STABLE before r369560, 12.2-RELEASE before p6, 12.2-STABLE before r369552, and 13.0-STABLE before n245118 are affected by CVE-2020-25584.
How can I fix CVE-2020-25584?
To fix CVE-2020-25584, it is recommended to update to FreeBSD versions that include the relevant patches.
Where can I find more information about CVE-2020-25584?
You can find more information about CVE-2020-25584 in the advisories provided by FreeBSD and NetApp.

collector/nvd-index
agent/weakness
agent/references
agent/tags
agent/severity
agent/description
agent/author
agent/type
agent/event
agent/softwarecombine
agent/last-modified-date
agent/first-publish-date
vendor/freebsd
canonical/freebsd freebsd
version/freebsd freebsd/12.0
version/freebsd freebsd/11.4
version/freebsd freebsd/11.4-beta1
version/freebsd freebsd/11.4-p1
version/freebsd freebsd/11.4-p2
version/freebsd freebsd/11.4-p3
version/freebsd freebsd/11.4-p4
version/freebsd freebsd/11.4-p5
version/freebsd freebsd/11.4-rc1
version/freebsd freebsd/11.4-rc2
version/freebsd freebsd/12.2
version/freebsd freebsd/12.2-p1
version/freebsd freebsd/12.2-p2
version/freebsd freebsd/13.0-beta1
version/freebsd freebsd/13.0-beta2
version/freebsd freebsd/13.0-beta3
version/freebsd freebsd/13.0-beta4
version/freebsd freebsd/13.0-rc1
version/freebsd freebsd/13.0-rc2
version/freebsd freebsd/13.0-rc3
version/freebsd freebsd/13.0-rc4
version/freebsd freebsd/13.0-rc5