CVE-2020-7464 — MEDIUM (5.3)

Vulnerability Description

In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12.1-RELEASE before p10, 11.4-RELEASE before p4, and 11.3-RELEASE before p14, a programming error in the ure(4) device driver caused some Realtek USB Ethernet interfaces to incorrectly report packets with more than 2048 bytes in a single USB transfer as having a length of only 2048 bytes. An adversary can exploit this to cause the driver to misinterpret part of the payload of a large packet as a separate packet, and thereby inject packets across security boundaries such as VLANs.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Freebsd	Freebsd	11.3

Related Weaknesses (CWE)

CWE-74

References

https://security.FreeBSD.org/advisories/FreeBSD-SA-20:27.ure.ascVendor Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:27.ure.ascVendor Advisory

FAQ

What is CVE-2020-7464?

CVE-2020-7464 is a vulnerability with a CVSS score of 5.3 (MEDIUM). In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12.1-RELEASE before p10, 11.4-RELEASE before p4, and 11.3-RELEASE before p14, a programming error in the ure(4) device driver caused ...

How severe is CVE-2020-7464?

CVE-2020-7464 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-7464?

Check the references section above for vendor advisories and patch information. Affected products include: Freebsd Freebsd.