CVE-2018-6920
MEDIUM
FreeBSD 10.0-10.4 - Unauthenticated Exposure of Sensitive Information via Insufficient Memory Initialization
Title source: llm
Description
In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE(r332321), and 10.4-RELEASE-p9, due to insufficient initialization of memory copied to userland in the Linux subsystem and Atheros wireless driver, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data.
References (2)
Core References
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/104114
Vendor Advisory (x_refsource_confirm): https://security.FreeBSD.org/advisories/FreeBSD-EN-18:05.mem.asc
Scores
CVSS v3: 5.5
EPSS: 0.0006
EPSS Percentile: 18.3%
Attack Vector: LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-200
Status: published
Products (1): freebsd/freebsd, 10.0 - 10.4
Published: May 08, 2018
Tracked Since: Feb 18, 2026