CVE-2020-7463

In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-free situation may result in unintended kernel behaviour including a kernel panic.

Published: Mar 26, 2021
Updated: Apr 14, 2023
CVE: CVE-2020-7463
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 4.9
AV:L/AC:L/Au:N/C:N/I:N/A:C

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
freebsd / freebsd	11.3	11.3.x
freebsd / freebsd	11.3-p1	11.3-p1.x
freebsd / freebsd	11.3-p3	11.3-p3.x
freebsd / freebsd	11.3-p2	11.3-p2.x
freebsd / freebsd	12.1-p1	12.1-p1.x
freebsd / freebsd	12.1	12.1.x
freebsd / freebsd	11.3-p4	11.3-p4.x
freebsd / freebsd	11.3-p5	11.3-p5.x
freebsd / freebsd	11.3-p6	11.3-p6.x
freebsd / freebsd	12.1-p2	12.1-p2.x
freebsd / freebsd	11.3-p7	11.3-p7.x
freebsd / freebsd	12.1-p3	12.1-p3.x
freebsd / freebsd	12.1-p4	12.1-p4.x
freebsd / freebsd	11.3-p8	11.3-p8.x
freebsd / freebsd	11.4	11.4.x
freebsd / freebsd	12.1-p5	12.1-p5.x
freebsd / freebsd	11.3-p9	11.3-p9.x
freebsd / freebsd	12.1-p6	12.1-p6.x
freebsd / freebsd	11.3-p10	11.3-p10.x
freebsd / freebsd	11.3-p11	11.3-p11.x
freebsd / freebsd	11.4-p1	11.4-p1.x
freebsd / freebsd	12.1-p7	12.1-p7.x
freebsd / freebsd	12.1-p8	12.1-p8.x
freebsd / freebsd	11.4-p2	11.4-p2.x
freebsd / freebsd	11.3-p12	11.3-p12.x
freebsd / freebsd	12.2	12.2.x
apple / safari	-	14.1
apple / macos	11.0	11.3
apple / icloud	-	12.3
apple / itunes	-	12.11.3
apple / iphone_os	-	14.5
apple / tvos	-	14.5
apple / watchos	-	7.4
apple / ipados	-	14.5

Vulnerability Database

289,599

CVE-2020-7463