FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- SCTP socket use-after-free bug

Affected packages
12.1 <= FreeBSD-kernel < 12.1_9
11.4 <= FreeBSD-kernel < 11.4_3
11.3 <= FreeBSD-kernel < 11.3_13


VuXML ID 77b877aa-ec18-11ea-88f8-901b0ef719ab
Discovery 2020-09-02
Entry 2020-09-02

Problem Description:

Due to improper handling in the kernel, a use-after-free bug can be triggered by sending large user messages from multiple threads on the same socket.


Triggering the use-after-free situation may result in unintended kernel behaviour including a kernel panic.


CVE Name CVE-2020-7463
FreeBSD Advisory SA-20:25.sctp