CVE-2019-15877

Summary

In FreeBSD 12.1-STABLE before r356606 and 12.1-RELEASE before 12.1-RELEASE-p3, driver specific ioctl command handlers in the ixl network driver failed to check whether the caller has sufficient privileges allowing unprivileged users to trigger updates to the device's non-volatile memory.

Affected Software

VendorProductVersion RangeStatus
n/aFreeBSD12.1-STABLE before r356606, 12.1-RELEASE before 12.1-RELEASE-p3affected

Weaknesses

  • Missing authorization

ADP Enrichment

CVE Program Container

Additional References

References