CVE-2020-24385 - OpenCVE

In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD before 7, a NULL pointer dereference was found in the Linux emulation layer that allows attackers to crash the running kernel. During binary interaction, td->td_emuldata in sys/compat/linux/linux_emul.h is not getting initialized and returns NULL from em_find().

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:L/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Freebsd	Freebsd
Midnightbsd	Midnightbsd

Configuration 1 [-]

OR	cpe:2.3:a:midnightbsd:midnightbsd::::::::
	cpe:2.3:a:midnightbsd:midnightbsd::::::::

Configuration 2 [-]

cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.midnightbsd.org/security/adv/MIDNIGHTBSD-SA-20:02.txt
https://www.midnightbsd.org/notes/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-09-03T14:35:36

Updated: 2024-08-04T15:12:08.690Z

Reserved: 2020-08-19T00:00:00

Link: CVE-2020-24385

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-09-03T15:15:11.457

Modified: 2020-09-11T14:06:02.533

Link: CVE-2020-24385

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD before 7, a NULL pointer dereference was found in the Linux emulation layer that allows attackers to crash the running kernel. During binary interaction, td->td_emuldata in sys/compat/linux/linux_emul.h is not getting initialized and returns NULL from em_find()."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-09-03T14:35:36", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.midnightbsd.org/notes/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.midnightbsd.org/security/adv/MIDNIGHTBSD-SA-20:02.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-24385", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD before 7, a NULL pointer dereference was found in the Linux emulation layer that allows attackers to crash the running kernel. During binary interaction, td->td_emuldata in sys/compat/linux/linux_emul.h is not getting initialized and returns NULL from em_find()."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.midnightbsd.org/notes/", "refsource": "MISC", "url": "https://www.midnightbsd.org/notes/"}, {"name": "http://www.midnightbsd.org/security/adv/MIDNIGHTBSD-SA-20:02.txt", "refsource": "CONFIRM", "url": "http://www.midnightbsd.org/security/adv/MIDNIGHTBSD-SA-20:02.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:12:08.690Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.midnightbsd.org/notes/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.midnightbsd.org/security/adv/MIDNIGHTBSD-SA-20:02.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-24385", "datePublished": "2020-09-03T14:35:36", "dateReserved": "2020-08-19T00:00:00", "dateUpdated": "2024-08-04T15:12:08.690Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:midnightbsd:midnightbsd:*:*:*:*:*:*:*:*", "matchCriteriaId": "049DCCEC-50B8-4E70-886F-E5FC3C0E0248", "versionEndExcluding": "1.2.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:midnightbsd:midnightbsd:*:*:*:*:*:*:*:*", "matchCriteriaId": "45E97C30-01B2-49EC-992D-6FED17D48BFB", "versionEndIncluding": "2020-08-19", "versionStartIncluding": "1.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "matchCriteriaId": "14AAC833-24C9-43C0-A81F-FA9F2CB1B1C9", "versionEndIncluding": "7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD before 7, a NULL pointer dereference was found in the Linux emulation layer that allows attackers to crash the running kernel. During binary interaction, td->td_emuldata in sys/compat/linux/linux_emul.h is not getting initialized and returns NULL from em_find()."}, {"lang": "es", "value": "En MidnightBSD versiones anteriores a 1.2.6 y versiones 1.3 anteriores a Agosto de 2020, y FreeBSD versiones anteriores a 7, se encontr\u00f3 una desreferencia del puntero NULL en la capa de emulaci\u00f3n de Linux que permite a atacantes bloquear el kernel en ejecuci\u00f3n. Durante la interacci\u00f3n binaria, td-)td_emuldata en el archivo sys/compat/linux/linux_emul.h no se inicializa y devuelve NULL desde la funci\u00f3n em_find()"}], "id": "CVE-2020-24385", "lastModified": "2020-09-11T14:06:02.533", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-03T15:15:11.457", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.midnightbsd.org/security/adv/MIDNIGHTBSD-SA-20:02.txt"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.midnightbsd.org/notes/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}