Total vulnerabilities in the database
The aio_aqueue function, used by the lio_listio system call, fails to release a reference to a credential in an error case.
An attacker may cause the reference count to overflow, leading to a use after free (UAF).
| Software | From | Fixed in |
|---|---|---|
| freebsd / freebsd | 13.0-rc5 | 13.0-rc5.x |
| freebsd / freebsd | 13.0-rc1 | 13.0-rc1.x |
| freebsd / freebsd | 13.0-rc2 | 13.0-rc2.x |
| freebsd / freebsd | 13.0-rc4 | 13.0-rc4.x |
| freebsd / freebsd | 13.0-beta1 | 13.0-beta1.x |
| freebsd / freebsd | 13.0-beta2 | 13.0-beta2.x |
| freebsd / freebsd | 12.3-p1 | 12.3-p1.x |
| freebsd / freebsd | 12.3-p2 | 12.3-p2.x |
| freebsd / freebsd | 13.0-beta3 | 13.0-beta3.x |
| freebsd / freebsd | 13.0-beta3-p1 | 13.0-beta3-p1.x |
| freebsd / freebsd | 13.0-beta4 | 13.0-beta4.x |
| freebsd / freebsd | 13.0-p1 | 13.0-p1.x |
| freebsd / freebsd | 13.0-p2 | 13.0-p2.x |
| freebsd / freebsd | 13.0-p3 | 13.0-p3.x |
| freebsd / freebsd | 13.0-p4 | 13.0-p4.x |
| freebsd / freebsd | 13.0-p5 | 13.0-p5.x |
| freebsd / freebsd | 13.0-rc3 | 13.0-rc3.x |
| freebsd / freebsd | 13.0-rc5-p1 | 13.0-rc5-p1.x |
| freebsd / freebsd | 12.3-beta1 | 12.3-beta1.x |
| freebsd / freebsd | 12.3-p3 | 12.3-p3.x |
| freebsd / freebsd | 12.3-p4 | 12.3-p4.x |
| freebsd / freebsd | 12.3-p5 | 12.3-p5.x |
| freebsd / freebsd | 13.0-p10 | 13.0-p10.x |
| freebsd / freebsd | 13.0-p11 | 13.0-p11.x |
| freebsd / freebsd | 13.0-p6 | 13.0-p6.x |
| freebsd / freebsd | 13.0-p7 | 13.0-p7.x |
| freebsd / freebsd | 13.0-p8 | 13.0-p8.x |
| freebsd / freebsd | 13.0-p9 | 13.0-p9.x |