FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Insufficient oce(4) ioctl(2) privilege checking

Affected packages
12.1 <= FreeBSD-kernel < 12.1_3
11.3 <= FreeBSD-kernel < 11.3_7


VuXML ID 3c10ccdf-6a09-11ea-92ab-00163e433440
Discovery 2020-03-19
Entry 2020-03-19

Problem Description:

The driver-specific ioctl(2) command handlers in oce(4) failed to check whether the caller has sufficient privileges to perform the corresponding operation.


The oce(4) handler permits unprivileged users to send passthrough commands to device firmware.


CVE Name CVE-2019-15876
FreeBSD Advisory SA-20:05.if_oce_ioctl
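
A host check against the affected ranges listed above, as an added example that is not part of the VuXML entry or the FreeBSD advisory. It assumes the VuXML version "12.1_3" corresponds to "12.1-RELEASE-p3" as printed by freebsd-version -k; the function name is_affected is hypothetical.

```sh
#!/bin/sh
# Added example: test a FreeBSD kernel version string against the ranges
#   12.1 <= FreeBSD-kernel < 12.1_3
#   11.3 <= FreeBSD-kernel < 11.3_7
# Assumption: "_N" in VuXML equals the "-pN" patch level of a RELEASE kernel.

# is_affected VERSION
#   exit 0: inside one of the affected ranges
#   exit 1: outside the ranges listed in this entry
#   exit 2: not a RELEASE version string (e.g. STABLE); check by other means
is_affected() {
    ver=$1
    release=${ver%%-*}                  # "12.1" from "12.1-RELEASE-p2"
    case $ver in
        *-RELEASE-p*) patch=${ver##*-p} ;;
        *-RELEASE)    patch=0 ;;        # unpatched release
        *)            return 2 ;;
    esac
    case $patch in
        ''|*[!0-9]*) return 2 ;;        # patch level must be numeric
    esac
    case $release in
        12.1) fixed=3 ;;                # first fixed patch level on 12.1
        11.3) fixed=7 ;;                # first fixed patch level on 11.3
        *)    return 1 ;;               # branch not listed in this entry
    esac
    [ "$patch" -lt "$fixed" ]
}

# On a FreeBSD host, report on the installed kernel; skipped elsewhere.
if command -v freebsd-version >/dev/null 2>&1; then
    kernel=$(freebsd-version -k)
    if is_affected "$kernel"; then
        echo "$kernel: in affected range for CVE-2019-15876"
    else
        echo "$kernel: not in the RELEASE ranges listed (or not a RELEASE kernel)"
    fi
fi
```

The installed kernel can differ from the running one until reboot, so compare with freebsd-version -r as well after patching.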