Code injection

The sysamd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service kernel panic...

CVE-2015-5675

Removed by vendor...

FreeBSD : FreeBSD -- Local privilege escalation in IRET handler (0dfa5dde-600a-11e6-a6c3-14dae9d210b8)

If the kernel-mode IRET instruction generates an SS or NP exception, but the exception handler does not properly ensure that the right GS register base for kernel is reloaded, the userland GS segment may be used in the context of the kernel exception handler. Impact : By causing an IRET with SS o...

FreeBSD Security Advisory FreeBSD-SA-15:21.amd64

============================================================================= FreeBSD-SA-15:21.amd64 Security Advisory The FreeBSD Project Topic: Local privilege escalation in IRET handler Category: core Module: sysamd64 Announced: 2015-08-25 Credits: Konstantin Belousov, Andrew Lutomirski Affect...

FreeBSD-SA-15:21.amd64

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:21.amd64 Security Advisory The FreeBSD Project Topic: Local privilege escalation in IRET handler Category: core Module: sysamd64 Announced: 2015-08-25...

FreeBSD -- Local privilege escalation in IRET handler

Problem Description: If the kernel-mode IRET instruction generates an SS or NP exception, but the exception handler does not properly ensure that the right GS register base for kernel is reloaded, the userland GS segment may be used in the context of the kernel exception handler. Impact: By causi...