Versions Affected: All versions prior to FreeNAS 11.3-U4.1


Description

Length validation code common to these three drivers is missing, which means that a malicious USB device could write beyond the end of an allocated network packet buffer.

An attacker with physical access to a USB port and the ability to bring a network interface up may be able to use a specially crafted USB device to gain kernel or user-space code execution.
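
The kind of length validation the description refers to, as an added illustration in C (not the affected drivers' code and not taken from the fix): a receive path that treats every length field supplied by the USB device as untrusted. The framing, buffer size, and all names here are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PKT_BUF_SIZE 64  /* assumed capacity of one allocated packet buffer */
#define HDR_SIZE     2   /* assumed framing: 2-byte little-endian length */

struct pkt_buf {             /* hypothetical stand-in for a packet buffer */
    uint8_t data[PKT_BUF_SIZE];
    size_t  len;
};

/*
 * Walk a bulk-IN transfer holding zero or more [len][payload] frames and
 * copy each payload into the next packet buffer. Everything in xfer is
 * device-controlled. Returns the number of frames accepted, or -1 if any
 * length field is inconsistent (nothing past that point is copied).
 */
int rx_transfer(const uint8_t *xfer, size_t xfer_len,
                struct pkt_buf *pkts, size_t npkts)
{
    size_t off = 0;
    int accepted = 0;

    while (off < xfer_len) {
        size_t frame_len;

        if (xfer_len - off < HDR_SIZE)
            return -1;                  /* truncated header */
        frame_len = (size_t)xfer[off] | ((size_t)xfer[off + 1] << 8);
        off += HDR_SIZE;

        /* Without these checks the memcpy below trusts the device's length. */
        if (frame_len > xfer_len - off)
            return -1;                  /* claims more than was received */
        if (frame_len > PKT_BUF_SIZE)
            return -1;                  /* larger than the destination */
        if ((size_t)accepted >= npkts)
            return -1;                  /* no buffer left for this frame */

        memcpy(pkts[accepted].data, xfer + off, frame_len);
        pkts[accepted].len = frame_len;
        off += frame_len;
        accepted++;
    }
    return accepted;
}
```

Comparing against `xfer_len - off` rather than computing `off + frame_len` keeps the bounds test itself free of integer overflow.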


Workaround

No workaround is available.


Mitigation

  • Upgrade to FreeNAS 11.3-U5 or later.

Commit


Further information