Total vulnerabilities in the database
In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12.1-RELEASE before p10, 11.4-RELEASE before p4, and 11.3-RELEASE before p14, a programming error in the ure(4) device driver caused some Realtek USB Ethernet interfaces to incorrectly report packets with more than 2048 bytes in a single USB transfer as having a length of only 2048 bytes. An adversary can exploit this to cause the driver to misinterpret part of the payload of a large packet as a separate packet, and thereby inject packets across security boundaries such as VLANs.
| Software | From | Fixed in |
|---|---|---|
| freebsd / freebsd | 11.3 | 11.3.x |
| freebsd / freebsd | 11.3-p1 | 11.3-p1.x |
| freebsd / freebsd | 11.3-p3 | 11.3-p3.x |
| freebsd / freebsd | 11.3-p2 | 11.3-p2.x |
| freebsd / freebsd | 12.1-p1 | 12.1-p1.x |
| freebsd / freebsd | 12.1 | 12.1.x |
| freebsd / freebsd | 11.3-p4 | 11.3-p4.x |
| freebsd / freebsd | 11.3-p5 | 11.3-p5.x |
| freebsd / freebsd | 11.3-p6 | 11.3-p6.x |
| freebsd / freebsd | 12.1-p2 | 12.1-p2.x |
| freebsd / freebsd | 11.3-p7 | 11.3-p7.x |
| freebsd / freebsd | 12.1-p3 | 12.1-p3.x |
| freebsd / freebsd | 12.1-p4 | 12.1-p4.x |
| freebsd / freebsd | 11.3-p8 | 11.3-p8.x |
| freebsd / freebsd | 11.4 | 11.4.x |
| freebsd / freebsd | 12.1-p5 | 12.1-p5.x |
| freebsd / freebsd | 11.3-p9 | 11.3-p9.x |
| freebsd / freebsd | 12.1-p6 | 12.1-p6.x |
| freebsd / freebsd | 11.3-p10 | 11.3-p10.x |
| freebsd / freebsd | 11.3-p11 | 11.3-p11.x |
| freebsd / freebsd | 11.4-p1 | 11.4-p1.x |
| freebsd / freebsd | 12.1-p7 | 12.1-p7.x |
| freebsd / freebsd | 12.1-p9 | 12.1-p9.x |
| freebsd / freebsd | 12.1-p8 | 12.1-p8.x |
| freebsd / freebsd | 11.4-p3 | 11.4-p3.x |
| freebsd / freebsd | 11.4-p2 | 11.4-p2.x |
| freebsd / freebsd | 11.3-p13 | 11.3-p13.x |
| freebsd / freebsd | 11.3-p12 | 11.3-p12.x |
| freebsd / freebsd | 12.2 | 12.2.x |