Description
In some cases, the ktrace facility will log the contents of kernel structures to userspace. In one such case, ktrace dumps a variable-sized sockaddr to userspace. There, the full sockaddr is copied, even when it is shorter than the full size. This can result in up to 14 uninitialized bytes of kernel memory being copied out to userspace. It is possible for an unprivileged userspace program to leak 14 bytes of a kernel heap allocation to userspace.
References (2)
Core 2
Core References
Vendor Advisory
https://security.netapp.com/advisory/ntap-20250207-0006/
Various Sources vendor-advisory
https://security.freebsd.org/advisories/FreeBSD-SA-25:04.ktrace.asc
Scores
CVSS v3
4.9
EPSS
0.0010
EPSS Percentile
27.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-122
Status
published
Products (1)
FreeBSD/FreeBSD
14.2-RELEASE - p1
Published
Jan 30, 2025
Tracked Since
Feb 18, 2026