FKIE_CVE-2019-5612

Vulnerability from fkie_nvd - Published: 2019-08-30 09:15 - Updated: 2026-06-17 02:37
Severity
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel driver for /dev/midistat implements a read handler that is not thread-safe. A multi-threaded program can exploit races in the handler to copy out kernel memory outside the boundaries of midistat's data buffer.
References
secteam@freebsd.orghttps://security.FreeBSD.org/advisories/FreeBSD-SA-19:23.midi.ascMitigation, Vendor Advisory
secteam@freebsd.orghttps://security.netapp.com/advisory/ntap-20190910-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.FreeBSD.org/advisories/FreeBSD-SA-19:23.midi.ascMitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190910-0002/Third Party Advisory
Impacted products
Vendor Product Version
freebsd freebsd 11.2
freebsd freebsd 11.2
freebsd freebsd 11.2
freebsd freebsd 11.2
freebsd freebsd 11.2
freebsd freebsd 11.2
freebsd freebsd 11.2
freebsd freebsd 11.2
freebsd freebsd 11.2
freebsd freebsd 11.2
freebsd freebsd 11.2
freebsd freebsd 11.2
freebsd freebsd 11.2
freebsd freebsd 11.3
freebsd freebsd 11.3
freebsd freebsd 11.3
freebsd freebsd 11.3
freebsd freebsd 11.3
freebsd freebsd 12.0
freebsd freebsd 12.0
freebsd freebsd 12.0
freebsd freebsd 12.0
freebsd freebsd 12.0
freebsd freebsd 12.0
netapp clustered_data_ontap -
To clipboard 

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "FreeBSD",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "before 12.0-RELEASE-p10"
            },
            {
              "status": "affected",
              "version": "before 11.3-RELEASE-p3"
            },
            {
              "status": "affected",
              "version": "before 11.2-RELEASE-p14"
            }
          ]
        }
      ],
      "source": "secteam@freebsd.org"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "3ACD1D8D-B3BC-4E99-B846-90A4071DB87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p10:*:*:*:*:*:*",
              "matchCriteriaId": "0A8A5CDA-E099-47BA-A0C0-2F79C0432156",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p11:*:*:*:*:*:*",
              "matchCriteriaId": "9AF6EBB1-EADE-41E2-A47B-0EC20F0C9899",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p12:*:*:*:*:*:*",
              "matchCriteriaId": "63721E89-F453-423F-B34B-07B44C85A052",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p13:*:*:*:*:*:*",
              "matchCriteriaId": "34134EDA-127A-48E2-B630-94DEF14666A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "699FE432-8DF0-49F1-A98B-0E19CE01E5CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "20B06752-39EE-4600-AC1F-69FB9C88E2A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p4:*:*:*:*:*:*",
              "matchCriteriaId": "22365F7C-2B00-4B61-84E8-EFBA3B8CFDC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p5:*:*:*:*:*:*",
              "matchCriteriaId": "E86CD544-86C4-4D9D-9CE5-087027509EDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p6:*:*:*:*:*:*",
              "matchCriteriaId": "64E47AE7-BB45-428E-90E9-38BFDFF23650",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p7:*:*:*:*:*:*",
              "matchCriteriaId": "586B9FA3-65A2-41EB-A848-E4A75565F0CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p8:*:*:*:*:*:*",
              "matchCriteriaId": "1164B48E-2F28-43C5-9B7B-546EAE12E27D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p9:*:*:*:*:*:*",
              "matchCriteriaId": "F0B15B89-3AD2-4E03-9F47-DA934702187B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "528F64CB-7A82-45C0-87CD-74EB975CC0BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "F35957CE-AF9F-40CA-BDD1-FA6A0E73783F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "EA929713-B797-494A-853D-C121D9D69519",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "3C3D8EDC-91D3-45B2-AC1D-EF4346D4A714",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p3:*:*:*:*:*:*",
              "matchCriteriaId": "EA5006FF-06A5-4D95-BF5B-29F26248D11F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "826B53C2-517F-4FC6-92E8-E7FCB24F91B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*",
              "matchCriteriaId": "93F10A46-AEF2-4FDD-92D6-0CF07B70F986",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*",
              "matchCriteriaId": "C4029113-130F-4A33-A8A0-BC3E74000378",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p4:*:*:*:*:*:*",
              "matchCriteriaId": "46C5A6FD-7BBF-4E84-9895-8EE14DC846E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p5:*:*:*:*:*:*",
              "matchCriteriaId": "6D71D083-3279-4DF4-91E1-38C373DD062F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p8:*:*:*:*:*:*",
              "matchCriteriaId": "3070787D-76E1-4671-B99D-213F7103B3A2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel driver for /dev/midistat implements a read handler that is not thread-safe. A multi-threaded program can exploit races in the handler to copy out kernel memory outside the boundaries of midistat\u0027s data buffer."
    },
    {
      "lang": "es",
      "value": "En FreeBSD versi\u00f3n 12.0-STABLE anterior a r351264, versi\u00f3n 12.0-RELEASE anterior a 12.0-RELEASE-p10, versi\u00f3n 11.3-STABLE anterior a r351265, versi\u00f3n 11.3-RELEASE anterior a 11.3-RELEASE-p3, y versi\u00f3n 11.2-RELEASE anterior a 11.2-RELEASE-p14, el controlador del kernel para /dev/midistat implementa un manejador de lectura que no es un hilo (subproceso) seguro. Un programa multihilo puede explotar las carreras en el manejador para copiar fuera de la memoria del kernel, fuera de l\u00edmites del b\u00fafer de datos de midistat."
    }
  ],
  "id": "CVE-2019-5612",
  "lastModified": "2026-06-17T02:37:56.503",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-30T09:15:21.020",
  "references": [
    {
      "source": "secteam@freebsd.org",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:23.midi.asc"
    },
    {
      "source": "secteam@freebsd.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190910-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:23.midi.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190910-0002/"
    }
  ],
  "sourceIdentifier": "secteam@freebsd.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.