CVE-2021-29627

Published on: 04/07/2021 12:00:00 AM UTC

Last Modified on: 04/16/2021 02:20:00 PM UTC

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Certain versions of Freebsd from Freebsd contain the following vulnerability:

In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socket accept filters implementing the accf_create callback incorrectly freed a process supplied argument string. Additional operations on the socket can lead to a double free or use after free.

  • CVE-2021-29627 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.8 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
LOCAL LOW LOW NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH HIGH HIGH

CVSS2 Score: 7.2 - HIGH

Access
Vector
Access
Complexity
Authentication
LOCAL LOW NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
COMPLETE COMPLETE COMPLETE

CVE References

Description Tags Link
security.FreeBSD.org
text/plain
MISC security.FreeBSD.org/advisories/FreeBSD-SA-21:09.accept_filter.asc

Exploit/POC from Github

Trigger-only for CVE-2021-29627

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Operating
System
FreebsdFreebsdAllAllAllAll
Operating
System
FreebsdFreebsd12.2-AllAll
Operating
System
FreebsdFreebsd12.2p1AllAll
Operating
System
FreebsdFreebsd12.2p2AllAll
Operating
System
FreebsdFreebsd13.0beta1AllAll
Operating
System
FreebsdFreebsd13.0beta2AllAll
Operating
System
FreebsdFreebsd13.0beta3AllAll
Operating
System
FreebsdFreebsd13.0beta4AllAll
Operating
System
FreebsdFreebsd13.0rc1AllAll
Operating
System
FreebsdFreebsd13.0rc2AllAll
Operating
System
FreebsdFreebsd13.0rc3AllAll
  • cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:freebsd:freebsd:12.2:-:*:*:*:*:*:*:
  • cpe:2.3:o:freebsd:freebsd:12.2:p1:*:*:*:*:*:*:
  • cpe:2.3:o:freebsd:freebsd:12.2:p2:*:*:*:*:*:*:
  • cpe:2.3:o:freebsd:freebsd:13.0:beta1:*:*:*:*:*:*:
  • cpe:2.3:o:freebsd:freebsd:13.0:beta2:*:*:*:*:*:*:
  • cpe:2.3:o:freebsd:freebsd:13.0:beta3:*:*:*:*:*:*:
  • cpe:2.3:o:freebsd:freebsd:13.0:beta4:*:*:*:*:*:*:
  • cpe:2.3:o:freebsd:freebsd:13.0:rc1:*:*:*:*:*:*:
  • cpe:2.3:o:freebsd:freebsd:13.0:rc2:*:*:*:*:*:*:
  • cpe:2.3:o:freebsd:freebsd:13.0:rc3:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
Twitter Icon @CVEreport CVE-2021-29627 : In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RE… twitter.com/i/web/status/1… 2021-04-07 15:04:10
Twitter Icon @LinInfoSec Freebsd - CVE-2021-29627: security.FreeBSD.org/advisories/Fre… 2021-04-07 22:28:53
Twitter Icon @gr4yf0x Published a trigger+spray primitive for CVE-2021-29627 (FreeBSD kernel double-free). If someone has an interesting… twitter.com/i/web/status/1… 2021-04-12 07:56:41
Twitter Icon @piedpiper1616 GitHub - raymontag/cve-2021-29627: Trigger-only for CVE-2021-29627 - github.com/raymontag/cve-… 2021-04-12 09:49:52
Twitter Icon @LightningMods_ A Trigger for a UAF in FreeBSD upto version 13 that was released on 04/08/2021 Interesting stuff github.com/raymontag/cve-… 2021-04-12 13:29:25
Twitter Icon @ipssignatures I know no IPS that has a protection/signature/rule for the vulnerability CVE-2021-29627. The vuln was published 5 d… twitter.com/i/web/status/1… 2021-04-12 19:04:00
Twitter Icon @ipssignatures The vuln CVE-2021-29627 has a tweet created 0 days ago and retweeted 7 times. twitter.com/gr4yf0x/status… #Srbpm7sr44juzm 2021-04-12 19:04:00
Twitter Icon @ipssignatures The vuln CVE-2021-29627 has a tweet created 0 days ago and retweeted 11 times. twitter.com/gr4yf0x/status… #pow1rtrtwwcve 2021-04-12 23:06:00
Twitter Icon @vulmoncom FreeBSD privilege escalation vulnerability vulmon.com/vulnerabilityd… CVE-2021-29627 #infosec #cybersecurity 2021-04-13 00:15:01
Twitter Icon @ptracesecurity Trigger-only for CVE-2021-29627 github.com/raymontag/cve-… #Pentesting #CVE #CyberSecurity #Infosec https://t.co/NjQ9L54N7a 2021-04-13 07:32:51
Twitter Icon @Necio_news raymontag/cve-2021-29627 #Infosec #cybersecurity #security github.com/raymontag/cve-… 2021-04-13 10:01:12
Twitter Icon @AlirezaGhahrood CVE-2021-29627: In FreeBSD 13.0-STABLE < n245050, 12.2-STABLE < r369525, 13.0-RC4 < p0, 12.2-RELEASE < p6, listenin… twitter.com/i/web/status/1… 2021-04-13 14:02:15
Twitter Icon @ipssignatures The vuln CVE-2021-29627 has a tweet created 0 days ago and retweeted 11 times. twitter.com/ptracesecurity… #pow1rtrtwwcve 2021-04-13 17:06:01
Twitter Icon @hetmehtaa #cybersecurity #informationsecurity #dataprotection #datasecurity #infosec CVE-2021-29627: In FreeBSD 13.0-STABLE… twitter.com/i/web/status/1… 2021-04-13 18:23:11
Twitter Icon @Har_sia CVE-2021-29627 har-sia.info/CVE-2021-29627… #HarsiaInfo 2021-04-13 18:25:02
Reddit Logo Icon /r/vulnintel FreeBSD privilege escalation vulnerability (CVE-2021-29627) 2021-04-13 00:14:44