Description
In FreeBSD 11.3-STABLE before r350217, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, due to insufficient initialization of memory copied to userland in the freebsd32_ioctl interface, small amounts of kernel memory may be disclosed to userland processes. This may allow an attacker to leverage this information to obtain elevated privileges either directly or indirectly.
References (3)
Core 3
Core References
Vendor Advisory vendor-advisory
x_refsource_freebsd
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:14.freebsd32.asc
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/153749/FreeBSD-Security-Advisory-FreeBSD-SA-19-14.freebsd32.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190814-0003/
Scores
CVSS v3
6.5
EPSS
0.0100
EPSS Percentile
77.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-665
Status
published
Products (3)
freebsd/freebsd
11.0
freebsd/freebsd
11.2 (12 CPE variants)
freebsd/freebsd
11.3
Published
Jul 26, 2019
Tracked Since
Feb 18, 2026