CVE-2021-29627

7.8 HIGH

📋 TL;DR

A double-free vulnerability in FreeBSD's accept filter implementation allows attackers to potentially execute arbitrary code or cause denial of service. It affects FreeBSD systems with listening sockets that use accept filters. The double free is triggered when additional operations are performed on an affected socket after the initial incorrect memory handling.

💻 Affected Systems

Products:
  • FreeBSD
Versions: FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6
Operating Systems: FreeBSD
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when using listening sockets with accept filters that implement the accf_create callback.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise if an attacker can trigger the double-free condition and achieve memory corruption.

🟠 Likely Case

Denial of service through system crash or instability when the double-free condition is triggered.

🟢 If Mitigated

Limited impact if systems are patched or don't use accept filters on listening sockets.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires triggering specific socket operations after the initial memory handling error.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: FreeBSD 13.0-STABLE n245050+, 12.2-STABLE r369525+, 13.0-RC4 p0+, 12.2-RELEASE p6+

Vendor Advisory: https://security.FreeBSD.org/advisories/FreeBSD-SA-21:09.accept_filter.asc

Restart Required: Yes

Instructions:

1. Update FreeBSD using freebsd-update fetch && freebsd-update install
2. Rebuild kernel if using custom kernel
3. Reboot system to apply kernel updates

🔧 Temporary Workarounds

Disable accept filters (all)

Remove or disable accept filters on listening sockets to prevent triggering the vulnerability

Modify socket configuration to remove accept_filter directives

🧯 If You Can't Patch

  • Restrict network access to affected systems using firewalls
  • Monitor for abnormal socket behavior or system crashes

🔍 How to Verify

Check if Vulnerable:

Check FreeBSD version with 'uname -a' and compare against affected versions

Check Version:

uname -a

Verify Fix Applied:

Verify version is patched and check that freebsd-update reports no available security updates

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • System crash dumps
  • Abnormal socket error messages

Network Indicators:

  • Unexpected socket connection attempts
  • Abnormal traffic to listening ports

SIEM Query:

source="kernel" AND ("panic" OR "double free" OR "use after free")
