FreeBSD6B90ACBA-6A0A-11EA-92AB-00163E433440FreeBSD -- Kernel memory disclosure with nested jails
3.3 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:P/A:N
6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
0.0004 Low
EPSS
Percentile
12.6%
Problem Description:
A missing NUL-termination check for the jail_set(2) configration
option “osrelease” may return more bytes when reading the jail
configuration back with jail_get(2) than were originally set.
Impact:
For jails with a non-default setting of children.max > 0 (“nested
jails”) a superuser inside a jail can create a jail and may be able to
read and take advantage of exposed kernel memory.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | freebsd-kernel | = 12.1 | UNKNOWN |
| FreeBSD | any | noarch | freebsd-kernel | < 12.1_3 | UNKNOWN |
Related
3.3 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:P/A:N
6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
0.0004 Low
EPSS
Percentile
12.6%