CVE-2018-17155

2018-09-2700:00:00

freebsd

www.cve.org

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338984), and 10.4-RELEASE-p13, due to insufficient initialization of memory copied to userland in the getcontext and swapcontext system calls, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts privileged kernel data.

CNA Affected

[
  {
    "product": "FreeBSD",
    "vendor": "FreeBSD",
    "versions": [
      {
        "status": "affected",
        "version": "11.2 before 11.2-RELEASE-p4"
      },
      {
        "status": "affected",
        "version": "11.1 before 11.1-RELEASE-p15"
      },
      {
        "status": "affected",
        "version": "10.x before 10.4-RELEASE-p13"
      }
    ]
  }
]

References

security.FreeBSD.org/advisories/FreeBSD-EN-18:12.mem.asc