CVE-2020-25578
MEDIUMFreeBSD <12.2-STABLE r368969, 11.4-STABLE r369047, 12.2-RELEASE p3,...
Title source: llmDescription
In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 several file systems were not properly initializing the d_off field of the dirent structures returned by VOP_READDIR. In particular, tmpfs(5), smbfs(5), autofs(5) and mqueuefs(5) were failing to do so. As a result, eight uninitialized kernel stack bytes may be leaked to userspace by these file systems.
Exploits (1)
nomisec
WORKING POC
6 stars
by farazsth98 · poc
https://github.com/farazsth98/freebsd-dirent-info-leak-bugs
Scores
CVSS v3
5.3
EPSS
0.0655
EPSS Percentile
91.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-665
Status
published
Products (3)
freebsd/freebsd
11.4 (7 CPE variants)
freebsd/freebsd
12.1 (13 CPE variants)
freebsd/freebsd
12.2 (3 CPE variants)
Published
Mar 26, 2021
Tracked Since
Feb 18, 2026