FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- pts(4) write-after-free

Affected packages
12.0 <= FreeBSD-kernel < 12.0_8
11.2 <= FreeBSD-kernel < 11.2_12
11.3 <= FreeBSD-kernel < 11.3_1


VuXML ID 5721ae65-b30a-11e9-a87f-a4badb2f4699
Discovery 2019-07-24
Entry 2019-07-30

Problem Description:

The code which handles a close(2) of a descriptor created by posix_openpt(2) fails to undo the configuration which causes SIGIO to be raised. This bug can lead to a write-after-free of kernel memory.


The bug permits malicious code to trigger a write-after-free, which may be used to gain root privileges or escape a jail.


CVE Name CVE-2019-5606
FreeBSD Advisory SA-19:13.pts