FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Improper ELF header parsing

Affected packages
11.2 <= FreeBSD-kernel < 11.2_3
11.1 <= FreeBSD-kernel < 11.1_14
10.4 <= FreeBSD-kernel < 10.4_12

Details

VuXML ID a67c122a-b693-11e8-ac58-a4badb2f4699
Discovery 2018-09-12
Entry 2018-09-12

Problem Description:

Insufficient validation was performed in the ELF header parser, and malformed or otherwise invalid ELF binaries were not rejected as they should have been.

Impact:

Execution of a malicious ELF binary may result in a kernel crash or may disclose kernel memory.

References

CVE Name CVE-2018-6924
FreeBSD Advisory SA-18:12.elf