FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Incorrect argument validation in sysarch(2)

Affected packages
11.0 <= FreeBSD-kernel < 11.0_2
10.3 <= FreeBSD-kernel < 10.3_11
10.2 <= FreeBSD-kernel < 10.2_24
10.1 <= FreeBSD-kernel < 10.1_41
9.3 <= FreeBSD-kernel < 9.3_49

Details

VuXML ID 7b6a11b5-600a-11e6-a6c3-14dae9d210b8
Discovery 2016-03-16
Entry 2016-08-11
Modified 2016-10-25

Problem Description:

A special combination of sysarch(2) arguments, specify a request to uninstall a set of descriptors from the LDT. The start descriptor is cleared and the number of descriptors are provided. Due to lack of sufficient bounds checking during argument validity verification, unbound zero'ing of the process LDT and adjacent memory can be initiated from usermode.

Impact:

This vulnerability could cause the kernel to panic. In addition it is possible to perform a local Denial of Service against the system by unprivileged processes.

References

CVE Name CVE-2016-1885
FreeBSD Advisory SA-16:15.sysarch