CVE-2021-29628

In FreeBSD 13.0-STABLE before n245764-876ffe28796c, 12.2-STABLE before r369857, 13.0-RELEASE before p1, and 12.2-RELEASE before p7, a system call triggering a fault could cause SMAP protections to be disabled for the duration of the system call. This weakness could be combined with other kernel bugs to craft an exploit.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://security.FreeBSD.org/advisories/FreeBSD-SA-21:11.smap.asc	Exploit Vendor Advisory
https://security.netapp.com/advisory/ntap-20210713-0002/	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:freebsd:freebsd:12.2:-::::::
	cpe:2.3:o:freebsd:freebsd:12.2:beta1-p1::::::
	cpe:2.3:o:freebsd:freebsd:12.2:p1::::::
	cpe:2.3:o:freebsd:freebsd:12.2:p2::::::
	cpe:2.3:o:freebsd:freebsd:12.2:p3::::::
	cpe:2.3:o:freebsd:freebsd:12.2:p4::::::
	cpe:2.3:o:freebsd:freebsd:12.2:p5::::::
	cpe:2.3:o:freebsd:freebsd:12.2:p6::::::
	cpe:2.3:o:freebsd:freebsd:13.0:-::::::
	cpe:2.3:o:freebsd:freebsd:13.0:beta3-p1::::::
	cpe:2.3:o:freebsd:freebsd:13.0:rc3::::::
	cpe:2.3:o:freebsd:freebsd:13.0:rc4::::::
	cpe:2.3:o:freebsd:freebsd:13.0:rc5-p1::::::

History

No history.

Information

Published : 2021-05-28 15:15

Updated : 2024-02-28 18:28

NVD link : CVE-2021-29628

Mitre link : CVE-2021-29628

CVE.ORG link : CVE-2021-29628

JSON object : View

Products Affected

freebsd

freebsd

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2021-29628", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-05-28T15:15:08.627", "references": [{"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:11.smap.asc", "tags": ["Exploit", "Vendor Advisory"], "source": "secteam@freebsd.org"}, {"url": "https://security.netapp.com/advisory/ntap-20210713-0002/", "tags": ["Third Party Advisory"], "source": "secteam@freebsd.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "In FreeBSD 13.0-STABLE before n245764-876ffe28796c, 12.2-STABLE before r369857, 13.0-RELEASE before p1, and 12.2-RELEASE before p7, a system call triggering a fault could cause SMAP protections to be disabled for the duration of the system call. This weakness could be combined with other kernel bugs to craft an exploit."}, {"lang": "es", "value": "En FreeBSD versiones 13.0-STABLE anteriores a n245764-876ffe28796c, versiones 12.2-STABLE anteriores a r369857, versiones 13.0-RELEASE anteriores a p1 y versiones 12.2-RELEASE anteriores a p7, una llamada al sistema que desencadena un fallo podr\u00eda causar que las protecciones SMAP sean deshabilitadas durante la llamada al sistema. Esta debilidad podr\u00eda ser combinada con otros bugs del kernel para dise\u00f1ar una explotaci\u00f3n"}], "lastModified": "2022-05-16T20:55:20.930", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:12.2:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73D9C08B-8F5B-40C4-A5BD-B00D2E4C012D"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.2:beta1-p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04A52071-1307-4038-ACDF-F69954E95A39"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.2:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62A178A3-6A52-4981-9A27-FB07AD8AF778"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.2:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54A487B1-E5CE-4C76-87E8-518D24C5D86D"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.2:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F084CAB-D138-4BF6-ABC2-2314F0FDE0D1"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.2:p4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C232CA9-FC15-4596-AA99-74509A714C12"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.2:p5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25BD9C03-6219-49EB-B503-CD44A3B9AA0A"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.2:p6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "900755CC-07EF-4799-B5B4-F3762B3650E8"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "174265E7-6B73-4546-B4C7-3826C7EB5624"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta3-p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC7326E3-908D-47A1-B848-3AA7F34B3DD3"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADBA841F-5C83-4759-84B7-B59DA1B12EA8"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A8F38B3-A6DA-4178-A2BD-0D4F0267C384"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc5-p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00D28E4E-022B-482E-9952-7F7F47C427C2"}], "operator": "OR"}]}], "sourceIdentifier": "secteam@freebsd.org"}