FreeBSD -- Memory disclosure by stale virtual memory mapping

Affected packages
12.2 <= FreeBSD-kernel < 12.2_6
11.4 <= FreeBSD-kernel < 11.4_9


VuXML ID 13d37672-9791-11eb-b87a-901b0ef719ab
Discovery 2021-04-06
Entry 2021-04-07

Problem Description:

A particular case of memory sharing is mishandled in the virtual memory system. It is possible and legal to establish a relationship where multiple descendant processes share a mapping which shadows memory of an ancestor process. In this scenario, when one process modifies memory through such a mapping, the copy-on-write logic fails to invalidate other mappings of the source page. These stale mappings may remain even after the mapped pages have been reused for another purpose.


An unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel.


CVE Name CVE-2021-29626
FreeBSD Advisory SA-21:08.vm
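
A host-side check for the affected ranges listed in this entry, added here as an example; it is not part of the VuXML entry or the FreeBSD advisory. It classifies a kernel version string of the form printed by `uname -r` or `freebsd-version -k`. The function name and output labels are assumptions made for the example, and the entry's `12.2_6` notation is read as 12.2-RELEASE patch level 6.

```shell
#!/bin/sh
# Added example (not from the advisory). Ranges taken from this entry:
#   12.2 <= FreeBSD-kernel < 12.2_6
#   11.4 <= FreeBSD-kernel < 11.4_9
# Assumption: input looks like `uname -r` / `freebsd-version -k` output,
# e.g. "12.2-RELEASE-p5"; "_N" in the entry is read as patch level N.

# classify_kernel VERSION -> prints affected | patched | not-listed | unknown
# "not-listed" means the release is outside this entry's ranges, nothing more.
classify_kernel() {
    ver=$1
    release=${ver%%-*}                  # "12.2"
    rest=${ver#*-}                      # "RELEASE-p5"
    [ "$rest" != "$ver" ] || { echo unknown; return 0; }   # no "-" at all
    branch=${rest%%-*}                  # "RELEASE"
    case $rest in
        *-p*) patch=${rest##*-p} ;;     # "5"
        *)    patch=0 ;;                # plain -RELEASE is patch level 0
    esac
    case $patch in ''|*[!0-9]*) echo unknown; return 0 ;; esac

    case $release in
        12.2) fixed=6 ;;
        11.4) fixed=9 ;;
        *)    echo not-listed; return 0 ;;
    esac
    # STABLE/RC/BETA builds carry no patch level, so the entry's ranges
    # cannot be evaluated for them from the version string alone.
    [ "$branch" = RELEASE ] || { echo unknown; return 0; }

    if [ "$patch" -lt "$fixed" ]; then echo affected; else echo patched; fi
}

# On a FreeBSD host, check the running kernel and the installed one
# (they differ until the machine is rebooted into an updated kernel).
if command -v freebsd-version >/dev/null 2>&1; then
    echo "running:   $(classify_kernel "$(uname -r)")"
    echo "installed: $(classify_kernel "$(freebsd-version -k)")"
fi
```

A result of `unknown` for a `-STABLE` build means the build date has to be compared against the fix dates given in the FreeBSD advisory itself.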