CVE-2020-7459: Input Validation
First published: Thu Aug 06 2020(Updated: )
In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 11.4-STABLE before r362167, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, missing length validation code common to mulitple USB network drivers allows a malicious USB device to write beyond the end of an allocated network packet buffer.
Credit: secteam@freebsd.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FreeBSD Kernel | =11.3 | |
| FreeBSD Kernel | =11.3-p1 | |
| FreeBSD Kernel | =11.3-p10 | |
| FreeBSD Kernel | =11.3-p11 | |
| FreeBSD Kernel | =11.3-p2 | |
| FreeBSD Kernel | =11.3-p3 | |
| FreeBSD Kernel | =11.3-p4 | |
| FreeBSD Kernel | =11.3-p5 | |
| FreeBSD Kernel | =11.3-p6 | |
| FreeBSD Kernel | =11.3-p7 | |
| FreeBSD Kernel | =11.3-p8 | |
| FreeBSD Kernel | =11.3-p9 | |
| FreeBSD Kernel | =11.4 | |
| FreeBSD Kernel | =11.4-p1 | |
| FreeBSD Kernel | =12.1 | |
| FreeBSD Kernel | =12.1-p1 | |
| FreeBSD Kernel | =12.1-p2 | |
| FreeBSD Kernel | =12.1-p3 | |
| FreeBSD Kernel | =12.1-p4 | |
| FreeBSD Kernel | =12.1-p6 | |
| FreeBSD Kernel | =12.1-p7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-7459?
CVE-2020-7459 is a vulnerability in FreeBSD that allows a malicious USB device to write beyond the end of an allocated network packet.
How severe is CVE-2020-7459?
CVE-2020-7459 has a severity score of 6.8, which is considered medium.
Which versions of FreeBSD are affected by CVE-2020-7459?
FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 11.4-STABLE before r362167, 11.4-RELEASE before p2, and 11.3-RELEASE before p12 are affected by CVE-2020-7459.
How do I fix CVE-2020-7459?
To fix CVE-2020-7459, update to FreeBSD 12.1-STABLE r362166 or later, 12.1-RELEASE p8 or later, 11.4-STABLE r362167 or later, 11.4-RELEASE p2 or later, or 11.3-RELEASE p12 or later.
Where can I find more information about CVE-2020-7459?
You can find more information about CVE-2020-7459 at the following references: [link1](https://security.FreeBSD.org/advisories/FreeBSD-SA-20:21.usb_net.asc) [link2](https://security.netapp.com/advisory/ntap-20200821-0005/)
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/weakness
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/freebsd
- canonical/freebsd kernel
- version/freebsd kernel/11.3
- version/freebsd kernel/11.3-p1
- version/freebsd kernel/11.3-p10
- version/freebsd kernel/11.3-p11
- version/freebsd kernel/11.3-p2
- version/freebsd kernel/11.3-p3
- version/freebsd kernel/11.3-p4
- version/freebsd kernel/11.3-p5
- version/freebsd kernel/11.3-p6
- version/freebsd kernel/11.3-p7
- version/freebsd kernel/11.3-p8
- version/freebsd kernel/11.3-p9
- version/freebsd kernel/11.4
- version/freebsd kernel/11.4-p1
- version/freebsd kernel/12.1
- version/freebsd kernel/12.1-p1
- version/freebsd kernel/12.1-p2
- version/freebsd kernel/12.1-p3
- version/freebsd kernel/12.1-p4
- version/freebsd kernel/12.1-p6
- version/freebsd kernel/12.1-p7