MNBSD-2020-3: Memory corruption in kern_getfsstat()

Severity: Unknown

Affected Package: kernel

Summary: Memory corruption in kern_getfsstat()

Description

A memory corruption vulnerability in the kernel's kern_getfsstat() system call. An earlier fix for a related issue (CVE-2018-17154) was incomplete because it incorrectly assumed the problem was a NULL pointer dereference. A local user could trigger memory corruption. Originally published as MIDNIGHTBSD-SA-20:01.

Affected Versions

kernel

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2020-24863

Published: September 02, 2020
Last Modified: September 02, 2020