Memory leak and privilege escalation vulnerabilities in FreeBSD; millions of devices affected

Reports of multiple security flaws in various technologies emerged this week. One of the most widely discussed pieces of research in the cybersecurity community concerns at least five vulnerabilities in the FreeBSD operating system; according to vulnerability assessment specialists, exploiting these flaws enables various malicious outcomes, such as memory leaks or errors in system resource management.

Below is a brief summary of each of the flaws found, along with their respective Common Vulnerabilities and Exposures (CVE) identifiers.

CVE-2020-745: This vulnerability exists due to a memory leak in FreeBSD’s IPv6 implementation when processing TCP traffic, resulting in the disclosure of one byte of kernel memory with each TCP SYN-ACK segment sent over IPv6.

A remote hacker could initiate a TCP connection over IPv6 to a vulnerable system and obtain sensitive information stored in kernel memory.

CVE-2019-15876: This flaw exists due to insufficient privilege verification in IOCTL handling. A local threat actor could run a specially crafted application to send arbitrary commands to the firmware of the affected device and escalate privileges on the system, as noted by the vulnerability assessment experts.

CVE-2019-15877: This vulnerability affects the access and privilege control system and exists due to insufficient verification in IOCTL handling. A local threat actor can run a specially crafted application to trigger updates to the device’s non-volatile memory (NVM) and escalate privileges on the system.

CVE-2020-7452: This flaw exists due to incorrect use of a potentially user-controlled pointer in the epair interface in the kernel, allowing a local threat actor to escalate privileges on the compromised system.

CVE-2020-7453: This flaw exists due to the lack of NUL-termination verification for the jail_set(2) configuration option “osrelease”, leading to the disclosure of kernel memory bytes beyond those that were initially configured, as the vulnerability assessment report notes. As a result, hackers can obtain sensitive information from the affected system by exploiting this vulnerability.
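The defect described for the jail_set(2) “osrelease” option belongs to a general class: the kernel copies a user-supplied string into a fixed buffer and trusts it to be NUL-terminated. The C block below is an added illustration of that class, not FreeBSD's code; it models a hypothetical option setter in an unchecked and a checked form, and the buffer sizes, function names and the constructed memory layout are assumptions.

```c
#include <string.h>

#define OSRELEASE_MAX 32   /* hypothetical size of the fixed kernel-side buffer */
#define USER_LEN      16   /* length the caller declares for the user-supplied value */

/* Constructed memory (not real kernel memory): a 16-byte value with no NUL among
 * its bytes, immediately followed by bytes standing in for unrelated kernel data. */
static const char backing[] =
    "FreeBSD-12.1-RC1"          /* exactly 16 bytes, no terminator */
    "<adjacent-kernel-bytes>";  /* what a missing check would copy out */

/* Unchecked pattern: ignores the declared length and scans for a NUL, so a
 * non-terminated value drags in whatever follows it. Returns bytes copied. */
int set_osrelease_unchecked(char *dst, size_t dstsz, const char *src, size_t len)
{
    size_t n = strlen(src);     /* runs past the 16-byte value */
    (void)len;                  /* the defect: the length is never consulted */
    if (n >= dstsz)
        n = dstsz - 1;          /* truncation does not undo the over-read */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return (int)n;
}

/* Checked pattern: a NUL must occur within the declared length and the value
 * must fit the destination; otherwise reject without reading anything extra. */
int set_osrelease_checked(char *dst, size_t dstsz, const char *src, size_t len)
{
    size_t n = 0;
    while (n < len && src[n] != '\0')
        n++;                    /* bounded scan, never past src[len-1] */
    if (n == len || n >= dstsz)
        return -1;              /* no terminator in range, or too long */
    memcpy(dst, src, n + 1);    /* includes the terminator */
    return (int)n;
}

/* Same non-terminated input through both variants: bytes taken from beyond
 * USER_LEN by the unchecked copy (15 here), and the checked result (-1). */
int demo_unchecked_leak(void)
{
    char buf[OSRELEASE_MAX];
    int n = set_osrelease_unchecked(buf, sizeof buf, backing, USER_LEN);
    return n > USER_LEN ? n - USER_LEN : 0;
}

int demo_checked_result(void)
{
    char buf[OSRELEASE_MAX];
    return set_osrelease_checked(buf, sizeof buf, backing, USER_LEN);
}
```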

The International Institute of Cyber Security (IICS) notes that the risk of exploitation of these flaws is low, and no public exploits have been identified so far. Mitigations for these flaws are available from the official FreeBSD platform.