CVE-2018-6919
HIGH
FreeBSD 10.0-10.3 - Unauthorized Kernel Memory Exposure via Insufficient Memory Initialization
Title source: llm
Description
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, due to insufficient initialization of memory copied to userland, small amounts of kernel memory may be disclosed to userland processes. Unprivileged users may be able to access small amounts of privileged kernel data.
References (2)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103760
Mitigation, Vendor Advisory x_refsource_confirm
https://security.FreeBSD.org/advisories/FreeBSD-EN-18:04.mem.asc
Scores
CVSS v3
7.5
EPSS
0.0031
EPSS Percentile
54.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
freebsd/freebsd
10.0 - 10.4
Published
Apr 04, 2018
Tracked Since
Feb 18, 2026