CVE-2014-0998

Freebsd - Numeric Error

Title source: rule

Description

Integer signedness error in the vt console driver (formerly Newcons) in FreeBSD 9.3 before p10 and 10.1 before p6 allows local users to cause a denial of service (crash) and possibly gain privileges via a negative value in a VT_WAITACTIVE ioctl call, which triggers an array index error and out-of-bounds kernel memory access.

Exploits (1)

exploitdb WRITEUP

dosfreebsd

https://www.exploit-db.com/exploits/35938

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/534563/100/0/threaded

[Exploit] http://seclists.org/fulldisclosure/2015/Jan/107

[Vendor Advisory] https://www.freebsd.org/security/advisories/FreeBSD-EN-15:01.vt.asc

[Exploit] http://www.coresecurity.com/advisories/freebsd-kernel-multiple-vulnerabilities

Scores

EPSS 0.0085

EPSS Percentile 75.0%

Details

CWE

CWE-189

Status published

Products (1)

freebsd/freebsd 10.1

Published Feb 02, 2015

Tracked Since Feb 18, 2026