CVE-2024-25941
LOW
FreeBSD - Information Disclosure via TTY Visibility in jail(2) System Call
Title source: llm
Description
The jail(2) system call has not limited the visibility of allocated TTYs (the kern.ttys sysctl). This gives rise to an information leak about processes outside the current jail. An attacker can get information about TTYs allocated on the host or in other jails. Effectively, the information printed by "pstat -t" may be leaked.
References (2)
Core References
Third Party Advisory
https://security.netapp.com/advisory/ntap-20240510-0003/
Vendor Advisory
https://security.freebsd.org/advisories/FreeBSD-SA-24:02.tty.asc
Scores
CVSS v3
3.3
EPSS
0.0009
EPSS Percentile
25.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
Status
published
Products (3)
freebsd/freebsd
13.2 p1 (9 CPE variants)
freebsd/freebsd
14.0 beta5 (7 CPE variants)
freebsd/freebsd
< 13.2
Published
Feb 15, 2024
Tracked Since
Feb 18, 2026