FreeBSD -- Privilege escalation when returning from kernel

Description:

Problem description:

FreeBSD/amd64 runs on CPUs from different vendors. Due to varying behaviour of CPUs in 64 bit mode a sanity check of the kernel may be insufficient when returning from a system call.

Successful exploitation of the problem can lead to local kernel privilege escalation, kernel data corruption and/or crash. To exploit this vulnerability, an attacker must be able to run code with user privileges on the target system.

References:

FreeBSD security advisory FreeBSD-SA-12:04.sysret
CVE name CVE-2012-0217

Affects:

FreeBSD >=7.4 <7.4_9
FreeBSD >=8.1 <8.1_12
FreeBSD >=8.2 <8.2_9
FreeBSD >=8.3 <8.3_3
FreeBSD >=9.0 <9.0_3

portaudit: FreeBSD -- Privilege escalation when returning from kernel

Disclaimer: The data contained on this page is derived from the VuXML document, please refer to the the original document for copyright information. The author of portaudit makes no claim of authorship or ownership of any of the information contained herein.

If you have found a vulnerability in a FreeBSD port not listed in the database, please contact the FreeBSD Security Team. Refer to "FreeBSD Security Information" for more information.

Oliver Eikemeier <eik@FreeBSD.org>