CVE-2019-5595

MEDIUM

FreeBSD <11.2-STABLE,r343782;11.2-RELEASE-p9;12.0-STABLE,r343781;12...

Title source: llm

Description

In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781), and 12.0-RELEASE-p3, kernel callee-save registers are not properly sanitized before return from system calls, potentially allowing some kernel data used in the system call to be exposed.

References (2)

[Patch, Vendor Advisory] https://security.FreeBSD.org/advisories/FreeBSD-SA-19:01.syscall.asc

[Third Party Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/156624

Scores

CVSS v3 5.5

EPSS 0.0006

EPSS Percentile 18.5%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-459

Status published

Products (2)

freebsd/freebsd 11.2

freebsd/freebsd 12.0

Published Feb 12, 2019

Tracked Since Feb 18, 2026