4 matches found
PlayStation: Use-after-free in setsockopt IPV6_2292PKTOPTIONS (CVE-2020-7457)
The PS5 is vulnerable to https://hackerone.com/reports/826026 which easily grants kernel access to an attacker. This vulnerability had been reported by me for the PS4 2 years ago when the PS5 did not yet exist, thus this should be considered as a new report and not a duplicate. I was able to use...
CVE-2020-7457
In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV62292PKTOPTIONS socket option set handler contained a race condition allowing a malicious application to modify memory...
CVE-2020-7457
CVE-2020-7457 concerns a missing synchronization in the FreeBSD IPV6_2292PKTOPTIONS set handler (setsockopt), causing a race against freed memory in the ip6_pktopts path. Impact described as potential memory corruption and privilege escalation. Affected lines include FreeBSD stable/12 and stable/...
FreeBSD-SA-20:20.ipv6
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-20:20.ipv6 Security Advisory The FreeBSD Project Topic: IPv6 socket option race condition and use after free Category: core Module: network Announced: 2020-07-0...