CVE-2020-25582
Severity CVSS v4.0:
Pending analysis
Type:
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Publication date:
26/03/2021
Last modified:
12/07/2022
Description
In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 when a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach to it using ptrace(2) before the current working directory is changed.
Impact
Base Score 3.x
8.70
Severity 3.x
HIGH
Base Score 2.0
8.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:freebsd:freebsd:11.4:-:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.4:p1:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.4:p2:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.4:p3:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.4:p4:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.4:p5:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.4:p6:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.4:p7:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:12.2:-:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:12.2:p1:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:12.2:p2:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:12.2:p3:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page