FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Privilege escalation when returning from kernel

Affected packages
7.4 <= FreeBSD < 7.4_9
8.1 <= FreeBSD < 8.1_12
8.2 <= FreeBSD < 8.2_9
8.3 <= FreeBSD < 8.3_3
9.0 <= FreeBSD < 9.0_3


VuXML ID aed44c4e-c067-11e1-b5e0-000c299b62e1
Discovery 2012-06-12
Entry 2012-06-27

Problem description:

FreeBSD/amd64 runs on CPUs from different vendors. Due to varying behaviour of CPUs in 64 bit mode a sanity check of the kernel may be insufficient when returning from a system call.

Successful exploitation of the problem can lead to local kernel privilege escalation, kernel data corruption and/or crash. To exploit this vulnerability, an attacker must be able to run code with user privileges on the target system.


CVE Name CVE-2012-0217
FreeBSD Advisory SA-12:04.sysret