Permissions, Privileges, and Access Controls in FreeBSD - CVE-2016-1880

 


Published: February 15, 2017 / Updated: August 8, 2020


Vulnerability identifier: #VU39654
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-1880
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: FreeBSD Foundation
Affected software:
FreeBSD

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to read portions of kernel memory and potentially gain privilege via unspecified vectors, related to "handling of Linux futex robust lists."


How to mitigate CVE-2016-1880

Install the update from the vendor's website.

Sources