Description
In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338984), and 10.4-RELEASE-p13, due to insufficient initialization of memory copied to userland in the getcontext and swapcontext system calls, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts privileged kernel data.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://security.FreeBSD.org/advisories/FreeBSD-EN-18:12.mem.asc
Scores
CVSS v3
5.5
EPSS
0.0005
EPSS Percentile
16.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (4)
freebsd/freebsd
10.4 (2 CPE variants)
freebsd/freebsd
11.1 p15
freebsd/freebsd
11.2 p4
freebsd/freebsd
< 11.2
Published
Sep 28, 2018
Tracked Since
Feb 18, 2026