The aio_aqueue function, used by the lio_listio system call, fails to release a reference to a credential in an error case. An attacker may cause the reference count to overflow, leading to a use after free (UAF).
2024-02-15T06:15:45.103
2025-06-04T21:59:04.990
Analyzed
CVSSv3.1: 7.7 (HIGH)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | freebsd | freebsd | 12.3 | Yes |
| Operating System | freebsd | freebsd | 12.3 | Yes |
| Operating System | freebsd | freebsd | 12.3 | Yes |
| Operating System | freebsd | freebsd | 12.3 | Yes |
| Operating System | freebsd | freebsd | 12.3 | Yes |
| Operating System | freebsd | freebsd | 12.3 | Yes |
| Operating System | freebsd | freebsd | 13.0 | Yes |
| Operating System | freebsd | freebsd | 13.0 | Yes |
| Operating System | freebsd | freebsd | 13.0 | Yes |
| Operating System | freebsd | freebsd | 13.0 | Yes |
| Operating System | freebsd | freebsd | 13.0 | Yes |
| Operating System | freebsd | freebsd | 13.0 | Yes |
| Operating System | freebsd | freebsd | 13.0 | Yes |
| Operating System | freebsd | freebsd | 13.0 | Yes |
| Operating System | freebsd | freebsd | 13.0 | Yes |
| Operating System | freebsd | freebsd | 13.0 | Yes |
| Operating System | freebsd | freebsd | 13.0 | Yes |
| Operating System | freebsd | freebsd | 13.0 | Yes |
| Operating System | freebsd | freebsd | 13.0 | Yes |
| Operating System | freebsd | freebsd | 13.0 | Yes |
| Operating System | freebsd | freebsd | 13.0 | Yes |
| Operating System | freebsd | freebsd | 13.0 | Yes |
| Operating System | freebsd | freebsd | 13.0 | Yes |
| Operating System | freebsd | freebsd | 13.0 | Yes |
| Operating System | freebsd | freebsd | 13.0 | Yes |
| Operating System | freebsd | freebsd | 13.0 | Yes |
| Operating System | freebsd | freebsd | 13.0 | Yes |
| Operating System | freebsd | freebsd | 13.0 | Yes |