CVE-2014-0998

FreeBSD 9.3-10.1 - Denial of Service and Privilege Escalation via VT_WAITACTIVE ioctl

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-0998.

AI-analyzed exploit summary This is a detailed technical writeup from Core Security describing multiple vulnerabilities in the FreeBSD kernel, including a sign conversion error in the vt console driver (CVE-2014-0998) and a memory corruption issue in SCTP socket handling (CVE-2014-8612). It includes root cause analysis, code snippets, and disassembly but does not contain functional exploit code.

Description

Integer signedness error in the vt console driver (formerly Newcons) in FreeBSD 9.3 before p10 and 10.1 before p6 allows local users to cause a denial of service (crash) and possibly gain privileges via a negative value in a VT_WAITACTIVE ioctl call, which triggers an array index error and out-of-bounds kernel memory access.

Exploits (1)

exploitdb WRITEUP

dosfreebsd

https://www.exploit-db.com/exploits/35938

View Code ZIP pw:eip

This is a detailed technical writeup from Core Security describing multiple vulnerabilities in the FreeBSD kernel, including a sign conversion error in the vt console driver (CVE-2014-0998) and a memory corruption issue in SCTP socket handling (CVE-2014-8612). It includes root cause analysis, code snippets, and disassembly but does not contain functional exploit code.

Classification

Writeup 100%

Attack Type

Lpe | Dos | Info Leak

Complexity

Moderate

Reliability

Theoretical

Target: FreeBSD Kernel 10.1-RELEASE

No auth needed

Prerequisites: Local access to the system · Ability to execute ioctl or setsockopt system calls

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/534563/100/0/threaded

Exploit mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2015/Jan/107

Vendor Advisory vendor-advisory x_refsource_freebsd

https://www.freebsd.org/security/advisories/FreeBSD-EN-15:01.vt.asc

Exploit x_refsource_misc

http://www.coresecurity.com/advisories/freebsd-kernel-multiple-vulnerabilities

Scores

EPSS 0.0092

EPSS Percentile 55.7%

Details

CWE

CWE-189

Status published

Products (1)

freebsd/freebsd 10.1

Published Feb 02, 2015

Tracked Since Feb 18, 2026