CVE-2014-3873

FreeBSD 8.4 < p11, 9.1 < p14, 9.2 < p7, 9.3-BETA1 < p1 - Information Disclosure via ktrace Page Fault Entry Size

Title source: llm

Description

The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 9.3-BETA1 before p1 uses an incorrect page fault kernel trace entry size, which allows local users to obtain sensitive information from kernel memory via a kernel process trace.

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/67812
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/58627
Patch, Vendor Advisory vendor-advisory x_refsource_freebsd
http://www.freebsd.org/security/advisories/FreeBSD-SA-14%3A12.ktrace.asc
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1030325

Scores

EPSS 0.0006
EPSS Percentile 19.1%

Details

CWE CWE-20
Status published
Products (4)
freebsd/freebsd 8.4
freebsd/freebsd 9.1
freebsd/freebsd 9.2
freebsd/freebsd 9.3 beta1
Published Jun 10, 2014
Tracked Since Feb 18, 2026