What is the severity of CVE-2017-1086?

CVE-2017-1086 has been classified as medium severity due to potential information disclosure risks.

How do I fix CVE-2017-1086?

To fix CVE-2017-1086, you should update your FreeBSD installation to a version that includes the relevant patches.

What are the potential impacts of CVE-2017-1086?

The potential impacts of CVE-2017-1086 include unauthorized information disclosure from memory leaks in the kernel.

Is CVE-2017-1086 a remote exploit?

CVE-2017-1086 is not classified as a remote exploit, as it requires local access to the affected FreeBSD system.

Vulnerability/
CVE-2017-1086

low

3.3

CWE

200

16/11/2017

16/9/2024

CVE-2017-1086: Infoleak

First published: Thu Nov 16 2017(Updated: )

In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, not all information in the struct ptrace_lwpinfo is relevant for the state of any thread, and the kernel does not fill the irrelevant bytes or short strings. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information of the kernel stack of the thread is possible from the debugger. As a result, some bytes from the kernel stack of the thread using ptrace (PT_LWPINFO) call can be observed in userspace.

Credit: secteam@freebsd.org

Affected Software	Affected Version	How to fix
FreeBSD Kernel

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-1086?
CVE-2017-1086 has been classified as medium severity due to potential information disclosure risks.
How do I fix CVE-2017-1086?
To fix CVE-2017-1086, you should update your FreeBSD installation to a version that includes the relevant patches.
What versions of FreeBSD are affected by CVE-2017-1086?
CVE-2017-1086 affects FreeBSD versions before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24.
What are the potential impacts of CVE-2017-1086?
The potential impacts of CVE-2017-1086 include unauthorized information disclosure from memory leaks in the kernel.
Is CVE-2017-1086 a remote exploit?
CVE-2017-1086 is not classified as a remote exploit, as it requires local access to the affected FreeBSD system.

agent/type
agent/softwarecombine
agent/weakness
agent/references
agent/severity
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/freebsd
canonical/freebsd kernel

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.