VULHUB ™

aio.h is a library implementing the POSIX standard for asynchronous I/O. Support for AIO may be enabled in FreeBSD by compiling the kernel with the VFS_AIO option. This option is not enabled in the default kernel configuration. Under some circumstances, pending reads from an input socket may persist through a call to execve. Eventually the read will continue, and write to the memory space of the new process. If a local user is able to create and execute a malicious program calling a suid program, it may be possible to overwrite arbitrary memory locations in the suid process with arbitrary data. This could immediately lead to escalated privileges.

aio.h is a library implementing the POSIX standard for asynchronous I/O. Support for AIO may be enabled in FreeBSD by compiling the kernel with the VFS_AIO option. This option is not enabled in the default kernel configuration. Under some circumstances, pending reads from an input socket may persist through a call to execve. Eventually the read will continue, and write to the memory space of the new process. If a local user is able to create and execute a malicious program calling a suid program, it may be possible to overwrite arbitrary memory locations in the suid process with arbitrary data. This could immediately lead to escalated privileges.