What is the severity of CVE-2020-7456?

The severity of CVE-2020-7456 is high.

What software is affected by CVE-2020-7456?

FreeBSD 11.3, 11.4, and 12.1 as well as NetApp Clustered Data ONTAP.

How can an attacker exploit CVE-2020-7456?

An attacker can exploit CVE-2020-7456 by using an invalid memory location for HID items.

Is there a fix available for CVE-2020-7456?

Yes, fixes have been released for FreeBSD and NetApp Clustered Data ONTAP. Please refer to the respective advisories for more information.

Where can I find more information about CVE-2020-7456?

Additional information about CVE-2020-7456 can be found in the FreeBSD and NetApp advisories.

Vulnerability/
CVE-2020-7456

high

7.2

CWE

119

9/6/2020

7/7/2020

CVE-2020-7456: Buffer Overflow

First published: Tue Jun 09 2020(Updated: )

In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-STABLE before r361919, 11.3-RELEASE before p10, and 11.4-RC2 before p1, an invalid memory location may be used for HID items if the push/pop level is not restored within the processing of that HID item allowing an attacker with physical access to a USB port to be able to use a specially crafted USB device to gain kernel or user-space code execution.

Credit: secteam@freebsd.org

Affected Software	Affected Version	How to fix
FreeBSD FreeBSD	=11.3
FreeBSD FreeBSD	=11.3-p1
FreeBSD FreeBSD	=11.3-p2
FreeBSD FreeBSD	=11.3-p3
FreeBSD FreeBSD	=11.3-p4
FreeBSD FreeBSD	=11.3-p5
FreeBSD FreeBSD	=11.3-p6
FreeBSD FreeBSD	=11.3-p7
FreeBSD FreeBSD	=11.3-p8
FreeBSD FreeBSD	=11.3-p9
FreeBSD FreeBSD	=11.4-rc1
FreeBSD FreeBSD	=11.4-rc2
FreeBSD FreeBSD	=12.1
FreeBSD FreeBSD	=12.1-p1
FreeBSD FreeBSD	=12.1-p2
FreeBSD FreeBSD	=12.1-p3
FreeBSD FreeBSD	=12.1-p4
FreeBSD FreeBSD	=12.1-p5
NetApp Clustered Data ONTAP

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2020-7456?
The severity of CVE-2020-7456 is high.
What software is affected by CVE-2020-7456?
FreeBSD 11.3, 11.4, and 12.1 as well as NetApp Clustered Data ONTAP.
How can an attacker exploit CVE-2020-7456?
An attacker can exploit CVE-2020-7456 by using an invalid memory location for HID items.
Is there a fix available for CVE-2020-7456?
Yes, fixes have been released for FreeBSD and NetApp Clustered Data ONTAP. Please refer to the respective advisories for more information.
Where can I find more information about CVE-2020-7456?
Additional information about CVE-2020-7456 can be found in the FreeBSD and NetApp advisories.

collector/nvd-index
vendor/freebsd
canonical/freebsd freebsd
version/freebsd freebsd/11.3
version/freebsd freebsd/11.3-p1
version/freebsd freebsd/11.3-p2
version/freebsd freebsd/11.3-p3
version/freebsd freebsd/11.3-p4
version/freebsd freebsd/11.3-p5
version/freebsd freebsd/11.3-p6
version/freebsd freebsd/11.3-p7
version/freebsd freebsd/11.3-p8
version/freebsd freebsd/11.3-p9
version/freebsd freebsd/11.4-rc1
version/freebsd freebsd/11.4-rc2
version/freebsd freebsd/12.1
version/freebsd freebsd/12.1-p1
version/freebsd freebsd/12.1-p2
version/freebsd freebsd/12.1-p3
version/freebsd freebsd/12.1-p4
version/freebsd freebsd/12.1-p5
vendor/netapp
canonical/netapp clustered data ontap

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.