CVE-2020-7462: Use After Free
First published: Fri Mar 26 2021(Updated: )
In 11.4-PRERELEASE before r360733 and 11.3-RELEASE before p13, improper mbuf handling in the kernel causes a use-after-free bug by sending IPv6 Hop-by-Hop options over the loopback interface. The use-after-free situation may result in unintended kernel behaviour including a kernel panic.
Credit: secteam@freebsd.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FreeBSD FreeBSD | =11.3 | |
| FreeBSD FreeBSD | =11.3-p1 | |
| FreeBSD FreeBSD | =11.3-p10 | |
| FreeBSD FreeBSD | =11.3-p11 | |
| FreeBSD FreeBSD | =11.3-p12 | |
| FreeBSD FreeBSD | =11.3-p2 | |
| FreeBSD FreeBSD | =11.3-p3 | |
| FreeBSD FreeBSD | =11.3-p4 | |
| FreeBSD FreeBSD | =11.3-p5 | |
| FreeBSD FreeBSD | =11.3-p6 | |
| FreeBSD FreeBSD | =11.3-p7 | |
| FreeBSD FreeBSD | =11.3-p8 | |
| FreeBSD FreeBSD | =11.3-p9 | |
| FreeBSD FreeBSD | =11.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-7462?
CVE-2020-7462 is a vulnerability in the FreeBSD operating system that allows for a use-after-free bug by sending IPv6 Hop-by-Hop options over the loopback interface, resulting in unintended kernel behavior including a kernel panic.
Which versions of FreeBSD are affected by CVE-2020-7462?
FreeBSD versions 11.4-PRERELEASE before r360733 and 11.3-RELEASE before p13 are affected by CVE-2020-7462.
How severe is CVE-2020-7462?
CVE-2020-7462 has a severity rating of medium with a CVSS score of 5.5.
How can I fix CVE-2020-7462?
To fix CVE-2020-7462, users should update their FreeBSD installations to a patched version or apply the recommended security patches.
Where can I find more information about CVE-2020-7462?
More information about CVE-2020-7462 can be found on the FreeBSD Security Advisories website: https://security.FreeBSD.org/advisories/FreeBSD-SA-20:24.ipv6.asc
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/freebsd
- canonical/freebsd freebsd
- version/freebsd freebsd/11.3
- version/freebsd freebsd/11.3-p1
- version/freebsd freebsd/11.3-p10
- version/freebsd freebsd/11.3-p11
- version/freebsd freebsd/11.3-p12
- version/freebsd freebsd/11.3-p2
- version/freebsd freebsd/11.3-p3
- version/freebsd freebsd/11.3-p4
- version/freebsd freebsd/11.3-p5
- version/freebsd freebsd/11.3-p6
- version/freebsd freebsd/11.3-p7
- version/freebsd freebsd/11.3-p8
- version/freebsd freebsd/11.3-p9
- version/freebsd freebsd/11.4