FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Memory disclosure by stale virtual memory mapping

Affected packages
12.2 <= FreeBSD-kernel < 12.2_6
11.4 <= FreeBSD-kernel < 11.4_9

Details

VuXML ID 13d37672-9791-11eb-b87a-901b0ef719ab
Discovery 2021-04-06
Entry 2021-04-07

Problem Description:

A particular case of memory sharing is mishandled in the virtual memory system. It is possible and legal to establish a relationship where multiple descendant processes share a mapping which shadows memory of an ancestor process. In this scenario, when one process modifies memory through such a mapping, the copy-on-write logic fails to invalidate other mappings of the source page. These stale mappings may remain even after the mapped pages have been reused for another purpose.

Impact:

An unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel.

References

CVE Name CVE-2021-29626
FreeBSD Advisory SA-21:08.vm
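
A check of a host's kernel against the affected ranges listed above, as an added example that is not part of the VuXML entry or the FreeBSD advisory. It assumes the version string has the form printed by `freebsd-version -k` (for example `12.2-RELEASE-p5`) and that the `_N` suffix in the ranges corresponds to patch level `-pN`; the helper name `classify_kernel` and the sample strings are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify a FreeBSD kernel version against the ranges in this entry.
#   12.2 <= FreeBSD-kernel < 12.2_6
#   11.4 <= FreeBSD-kernel < 11.4_9
# Assumption: the "_N" suffix in the ranges corresponds to the "-pN" patch level
# in the string printed by `freebsd-version -k` (e.g. 12.2-RELEASE-p5).

# classify_kernel VERSION   (hypothetical helper name)
# Prints one of:
#   affected    - inside one of the two listed ranges
#   fixed       - listed branch, at or above the upper bound of its range
#   not-listed  - a -RELEASE version on a branch this entry does not list
#   unknown     - not a -RELEASE[-pN] string (STABLE, CURRENT, malformed)
classify_kernel() {
    ver=$1
    release=${ver%%-*}                      # "12.2" from "12.2-RELEASE-p5"
    case $ver in
        *-RELEASE-p*) patch=${ver##*-p} ;;  # "5" from "12.2-RELEASE-p5"
        *-RELEASE)    patch=0 ;;            # unpatched release
        *)            echo unknown; return 0 ;;
    esac
    case $patch in
        ''|*[!0-9]*) echo unknown; return 0 ;;  # patch level must be numeric
    esac
    case $release in
        12.2) fixed=6 ;;
        11.4) fixed=9 ;;
        *)    echo not-listed; return 0 ;;
    esac
    if [ "$patch" -lt "$fixed" ]; then echo affected; else echo fixed; fi
}

# Constructed sample version strings.
for v in 12.2-RELEASE 12.2-RELEASE-p5 12.2-RELEASE-p6 11.4-RELEASE-p8 12.2-STABLE; do
    printf '%s\t%s\n' "$v" "$(classify_kernel "$v")"
done

# On a FreeBSD host, also classify the installed kernel.
if command -v freebsd-version >/dev/null 2>&1; then
    k=$(freebsd-version -k)
    printf '%s\t%s\n' "$k" "$(classify_kernel "$k")"
fi
```

A result of `not-listed` or `unknown` only means this entry's two ranges do not cover the string; it says nothing about other branches.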