FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Potential memory corruption in USB network device drivers

Affected packages
12.1 <= FreeBSD-kernel < 12.1_8
11.4 <= FreeBSD-kernel < 11.4_2
11.3 <= FreeBSD-kernel < 11.3_12


VuXML ID 9eb01384-d793-11ea-88f8-901b0ef719ab
Discovery 2020-08-05
Entry 2020-08-06

Problem Description:

A missing length validation code common to these three drivers means that a malicious USB device could write beyond the end of an allocated network packet buffer.


An attacker with physical access to a USB port and the ability to bring a network interface up may be able to use a specially crafted USB device to gain kernel or user-space code execution.


CVE Name CVE-2020-7459
FreeBSD Advisory SA-20:21.usb_net