FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Kernel memory disclosure with nested jails

Affected packages
12.1 <= FreeBSD-kernel < 12.1_3
11.3 <= FreeBSD-kernel < 11.3_7

Details

VuXML ID 6b90acba-6a0a-11ea-92ab-00163e433440
Discovery 2020-03-19
Entry 2020-03-19

Problem Description:

Because the jail_set(2) configuration option "osrelease" is not checked for NUL termination, reading the jail configuration back with jail_get(2) may return more bytes than were originally set.
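
The failure mode described above, as a simplified userland model added here for illustration (not FreeBSD kernel code and not part of the advisory): a setter that accepts an unterminated value, beside one that rejects it. The field size `FIELD_LEN`, the `struct model` layout and all function names are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
#define FIELD_LEN 32   /* assumed field size for this model */

/* Bytes [0, FIELD_LEN) model the option field; the bytes after it stand in
 * for unrelated adjacent memory (constructed sample data). */
struct model { unsigned char mem[FIELD_LEN + 16]; };

static void model_init(struct model *m)
{
    memset(m->mem, 0, sizeof(m->mem));
    memcpy(m->mem + FIELD_LEN, "ADJACENT-DATA", 14);  /* 13 chars + NUL */
}

/* Weak setter: only a size check, no check that the value is terminated. */
static int set_unchecked(struct model *m, const void *val, size_t len)
{
    if (len > FIELD_LEN)
        return -1;
    memcpy(m->mem, val, len);
    return 0;
}

/* Hardened setter: the value must fit and contain its own NUL terminator. */
static int set_checked(struct model *m, const void *val, size_t len)
{
    if (len == 0 || len > FIELD_LEN || memchr(val, '\0', len) == NULL)
        return -1;
    memcpy(m->mem, val, len);
    return 0;
}

/* Read-back path treating the field as a C string; bytes returned incl. NUL. */
static size_t get_len(const struct model *m)
{
    return strlen((const char *)m->mem) + 1;
}

int main(void)
{
    struct model m;
    char full[FIELD_LEN];
    memset(full, 'A', sizeof(full));   /* FIELD_LEN bytes, no NUL */
    model_init(&m);
    set_unchecked(&m, full, sizeof(full));
    printf("unchecked: read back %zu bytes\n", get_len(&m));
    printf("checked: rc=%d\n", set_checked(&m, full, sizeof(full)));
    return 0;
}
```

With the unchecked setter the read-back length exceeds `FIELD_LEN`, because the string scan runs on into the adjacent bytes; the checked setter refuses the same input.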

Impact:

For jails with a non-default setting of children.max > 0 ("nested jails"), a superuser inside a jail can create a jail and may be able to read and take advantage of exposed kernel memory.

References

CVE Name CVE-2020-7453
FreeBSD Advisory SA-20:08.jail