QwikSec

Security Database

CVE

CWE

Training

CVE-2019-5605

Published: Jul 26, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

In FreeBSD 11.3-STABLE before r350217, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, due to insufficient initialization of memory copied to userland in the freebsd32_ioctl interface, small amounts of kernel memory may be disclosed to userland processes. This may allow an attacker to leverage this information to obtain elevated privileges either directly or indirectly.

Vendor	Product	Versions
FreeBSD	FreeBSD	affected `FreeBSD 11.x` affected `before 11.3-RELEASE-p1` affected `and before 11.2-RELEASE-p12`

References

FreeBSD-SA-19:14

vendor-advisory

x_refsource_FREEBSD

http://packetstormsecurity.com/files/153749/FreeBSD-Security-Advisory-FreeBSD-SA-19-14.freebsd32.html

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20190814-0003/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.