What is CVE-2020-7460?

CVE-2020-7460 is a privilege escalation vulnerability in the FreeBSD Kernel.

How does CVE-2020-7460 impact FreeBSD Kernel?

CVE-2020-7460 allows local attackers to escalate privileges on affected installations of FreeBSD Kernel.

What is the severity of CVE-2020-7460?

CVE-2020-7460 has a severity score of 8.8 (high).

How can CVE-2020-7460 be fixed?

To fix CVE-2020-7460, users should apply the necessary patches or updates provided by FreeBSD.

Where can I find more information about CVE-2020-7460?

You can find more information about CVE-2020-7460 at the following sources: FreeBSD Security Advisories, NetApp Security Advisory, and Zero Day Initiative Advisories.

Vulnerability/
CVE-2020-7460

high

8.8

CWE

367

6/8/2020

1/7/2022

21/10/2023

CVE-2020-7460: FreeBSD Kernel sendmsg System Call Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability

First published: Thu Aug 06 2020(Updated: )

In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, the sendmsg system call in the compat32 subsystem on 64-bit platforms has a time-of-check to time-of-use vulnerability allowing a mailcious userspace program to modify control message headers after they were validation.

Credit: secteam@freebsd.org

Affected Software	Affected Version	How to fix
FreeBSD FreeBSD	=11.3
FreeBSD FreeBSD	=11.3-p1
FreeBSD FreeBSD	=11.3-p10
FreeBSD FreeBSD	=11.3-p11
FreeBSD FreeBSD	=11.3-p2
FreeBSD FreeBSD	=11.3-p3
FreeBSD FreeBSD	=11.3-p4
FreeBSD FreeBSD	=11.3-p5
FreeBSD FreeBSD	=11.3-p6
FreeBSD FreeBSD	=11.3-p7
FreeBSD FreeBSD	=11.3-p8
FreeBSD FreeBSD	=11.3-p9
FreeBSD FreeBSD	=11.4
FreeBSD FreeBSD	=11.4-p1
FreeBSD FreeBSD	=12.1
FreeBSD FreeBSD	=12.1-p1
FreeBSD FreeBSD	=12.1-p2
FreeBSD FreeBSD	=12.1-p3
FreeBSD FreeBSD	=12.1-p4
FreeBSD FreeBSD	=12.1-p6
FreeBSD FreeBSD	=12.1-p7

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-7460?
CVE-2020-7460 is a privilege escalation vulnerability in the FreeBSD Kernel.
How does CVE-2020-7460 impact FreeBSD Kernel?
CVE-2020-7460 allows local attackers to escalate privileges on affected installations of FreeBSD Kernel.
What is the severity of CVE-2020-7460?
CVE-2020-7460 has a severity score of 8.8 (high).
How can CVE-2020-7460 be fixed?
To fix CVE-2020-7460, users should apply the necessary patches or updates provided by FreeBSD.
Where can I find more information about CVE-2020-7460?
You can find more information about CVE-2020-7460 at the following sources: FreeBSD Security Advisories, NetApp Security Advisory, and Zero Day Initiative Advisories.

collector/zdi-advisory
alias/ZDI-20-949
alias/ZDI-CAN-11543
alias/CVE-2020-7460
collector/nvd-index
agent/weakness
agent/severity
agent/references
agent/title
agent/author
agent/tags
agent/type
agent/event
agent/description
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
vendor/freebsd
canonical/freebsd kernel
canonical/freebsd freebsd
version/freebsd freebsd/11.3
version/freebsd freebsd/11.3-p1
version/freebsd freebsd/11.3-p10
version/freebsd freebsd/11.3-p11
version/freebsd freebsd/11.3-p2
version/freebsd freebsd/11.3-p3
version/freebsd freebsd/11.3-p4
version/freebsd freebsd/11.3-p5
version/freebsd freebsd/11.3-p6
version/freebsd freebsd/11.3-p7
version/freebsd freebsd/11.3-p8
version/freebsd freebsd/11.3-p9
version/freebsd freebsd/11.4
version/freebsd freebsd/11.4-p1
version/freebsd freebsd/12.1
version/freebsd freebsd/12.1-p1
version/freebsd freebsd/12.1-p2
version/freebsd freebsd/12.1-p3
version/freebsd freebsd/12.1-p4
version/freebsd freebsd/12.1-p6
version/freebsd freebsd/12.1-p7