FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- pts(4) write-after-free

Affected packages
12.0 <= FreeBSD-kernel < 12.0_8
11.2 <= FreeBSD-kernel < 11.2_12
11.3 <= FreeBSD-kernel < 11.3_1

Details

VuXML ID 5721ae65-b30a-11e9-a87f-a4badb2f4699
Discovery 2019-07-24
Entry 2019-07-30

Problem Description:

The code which handles a close(2) of a descriptor created by posix_openpt(2) fails to undo the configuration which causes SIGIO to be raised. This bug can lead to a write-after-free of kernel memory.

Impact:

The bug permits malicious code to trigger a write-after-free, which may be used to gain root privileges or escape a jail.

References

CVE Name CVE-2019-5606
FreeBSD Advisory SA-19:13.pts

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.