Back to search
CVE-2017-1088
Published: Nov 16, 2017
Modified: Sep 16, 2024
PUBLISHED
Description
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack is possible. As a result, some bytes from the kernel stack can be observed in userspace.
| Vendor | Product | Versions |
|---|---|---|
FreeBSD | FreeBSD | affected All supported versions of FreeBSD |
References
101857
vdb-entry
x_refsource_BID
FreeBSD-SA-17:10
vendor-advisory
x_refsource_FREEBSD
1039811
vdb-entry
x_refsource_SECTRACK
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now