First published: Fri Mar 26 2021(Updated: )
In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12.1-RELEASE before p10, 11.4-RELEASE before p4, and 11.3-RELEASE before p14, a programming error in the ure(4) device driver caused some Realtek USB Ethernet interfaces to incorrectly report packets with more than 2048 bytes in a single USB transfer as having a length of only 2048 bytes. An adversary can exploit this to cause the driver to misinterpret part of the payload of a large packet as a separate packet, and thereby inject packets across security boundaries such as VLANs.
Credit: secteam@freebsd.org
Affected Software | Affected Version | How to fix |
---|---|---|
FreeBSD FreeBSD | =11.3 | |
FreeBSD FreeBSD | =11.3-p1 | |
FreeBSD FreeBSD | =11.3-p10 | |
FreeBSD FreeBSD | =11.3-p11 | |
FreeBSD FreeBSD | =11.3-p12 | |
FreeBSD FreeBSD | =11.3-p13 | |
FreeBSD FreeBSD | =11.3-p2 | |
FreeBSD FreeBSD | =11.3-p3 | |
FreeBSD FreeBSD | =11.3-p4 | |
FreeBSD FreeBSD | =11.3-p5 | |
FreeBSD FreeBSD | =11.3-p6 | |
FreeBSD FreeBSD | =11.3-p7 | |
FreeBSD FreeBSD | =11.3-p8 | |
FreeBSD FreeBSD | =11.3-p9 | |
FreeBSD FreeBSD | =11.4 | |
FreeBSD FreeBSD | =11.4-p1 | |
FreeBSD FreeBSD | =11.4-p2 | |
FreeBSD FreeBSD | =11.4-p3 | |
FreeBSD FreeBSD | =12.1 | |
FreeBSD FreeBSD | =12.1-p1 | |
FreeBSD FreeBSD | =12.1-p2 | |
FreeBSD FreeBSD | =12.1-p3 | |
FreeBSD FreeBSD | =12.1-p4 | |
FreeBSD FreeBSD | =12.1-p5 | |
FreeBSD FreeBSD | =12.1-p6 | |
FreeBSD FreeBSD | =12.1-p7 | |
FreeBSD FreeBSD | =12.1-p8 | |
FreeBSD FreeBSD | =12.1-p9 | |
FreeBSD FreeBSD | =12.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this FreeBSD vulnerability is CVE-2020-7464.
The severity of CVE-2020-7464 is medium.
FreeBSD versions 11.3, 11.4, 12.1, and 12.2 are affected by CVE-2020-7464.
To fix CVE-2020-7464, users should update to FreeBSD 12.2-STABLE r365730, 11.4-STABLE r365738, 12.1-RELEASE p10, 11.4-RELEASE p4, or 11.3-RELEASE p14.