FreeBSD has fixed six vulnerabilities that make it possible to carry out a DoS attack, escape the jail environment, or gain access to kernel data. The problems were fixed in updates 12.1-RELEASE-p3 and 11.3-RELEASE-p7.
CVE-2020-7452 — due to an error in the implementation of epair virtual network interfaces, a user inside an isolated jail environment who has the PRIV_NET_IFCREATE privilege or root rights can crash the kernel or execute their own code with kernel rights.
CVE-2020-7453 — the “osrelease” option passed through the jail_set system call is not checked for termination with a null character, which allows the contents of adjacent kernel memory structures to be obtained when the jail environment administrator makes a jail_get call, provided that support for launching nested jail environments is enabled through the children.max parameter (by default, the creation of nested jail environments is prohibited).
CVE-2019-15877 — incorrect privilege checking when the ixl driver is accessed via ioctl allows an unprivileged user to install a firmware update for NVM devices.
CVE-2019-15876 — incorrect privilege checking when the oce driver is accessed via ioctl allows an unprivileged user to send commands to the firmware of Emulex OneConnect network adapters.
CVE-2020-7451 — in specially crafted TCP SYN-ACK segments sent over IPv6, one byte of kernel memory can be leaked over the network (the Traffic Class field is not initialized and contains residual data).
Three errors in the ntpd time synchronization daemon can be used to cause a denial of service (crashing the ntpd process).
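The missing-terminator pattern described for CVE-2020-7453, shown as an added userspace C model beside the check that closes it (this is not FreeBSD kernel code and not part of the original article). The flat buffer, the field size, the function names and the "ADJACENT" bytes are all constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define OSREL_LEN 16            /* constructed field size, not the kernel's */

/* One flat buffer stands in for a kernel structure: bytes [0, OSREL_LEN)
 * are the osrelease field, the bytes after it belong to a neighbouring
 * field that the caller should never see. */
struct model { unsigned char mem[64]; };

static void model_init(struct model *m)
{
    memset(m->mem, 0, sizeof(m->mem));
    memcpy(m->mem + OSREL_LEN, "ADJACENT", 8);  /* constructed neighbour data */
}

/* Flawed setter: checks the length but not that the value is terminated. */
static int set_osrelease_unchecked(struct model *m, const void *val, size_t len)
{
    if (len > OSREL_LEN) return EINVAL;
    memcpy(m->mem, val, len);
    return 0;
}

/* Hardened setter: the value must contain a NUL within its stated length. */
static int set_osrelease_checked(struct model *m, const void *val, size_t len)
{
    if (len == 0 || len > OSREL_LEN || memchr(val, '\0', len) == NULL)
        return EINVAL;
    memset(m->mem, 0, OSREL_LEN);
    memcpy(m->mem, val, len);
    return 0;
}

/* Getter treats the field as a C string, like a jail_get-style read. */
static size_t get_osrelease(const struct model *m, char *out, size_t outlen)
{
    size_t n = strlen((const char *)m->mem);    /* runs on to the first NUL */
    if (outlen == 0) return 0;
    if (n >= outlen) n = outlen - 1;
    memcpy(out, m->mem, n);
    out[n] = '\0';
    return n;
}

int main(void)
{
    struct model m; char out[64];
    model_init(&m);
    set_osrelease_unchecked(&m, "AAAAAAAAAAAAAAAA", OSREL_LEN);
    printf("unchecked: %zu bytes returned\n", get_osrelease(&m, out, sizeof(out)));
    printf("checked:   rc=%d\n", set_osrelease_checked(&m, "AAAAAAAAAAAAAAAA", OSREL_LEN));
    return 0;
}
```

With the unchecked setter the read returns more bytes than the field holds, because the string only ends at the first NUL in the neighbouring data; the checked setter rejects the same input.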