First published: Wed Apr 04 2018
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, due to insufficient initialization of memory copied to userland, small amounts of kernel memory may be disclosed to userland processes. Unprivileged users may be able to access small amounts of privileged kernel data.
Credit: secteam@freebsd.org
Affected Software | Affected Version | How to fix |
---|---|---|
FreeBSD FreeBSD | >=10.0<10.4 | |
FreeBSD FreeBSD | >=11.0<11.1 | |
CVE-2018-6919 has a medium severity rating, as it involves the disclosure of small amounts of kernel memory to userland processes.
To fix CVE-2018-6919, users should upgrade to FreeBSD versions 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8, or 10.3-RELEASE-p28.
CVE-2018-6919 affects unprivileged users running specific versions of FreeBSD prior to the patched releases.
The consequences of CVE-2018-6919 include the potential exposure of sensitive data from kernel memory to non-privileged users.
CVE-2018-6919 is considered to be of low complexity for exploitation, given the right conditions and access.
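A host check against the fixed patch levels listed above, as an added example that is not part of the original entry or of FreeBSD's own tooling. The function names are hypothetical, the input is assumed to be in the format printed by `freebsd-version -k`, and a -STABLE string is reported as `manual` because it does not say when the kernel was built.

```shell
#!/bin/sh
# Classify a kernel version string against the fixed -RELEASE patch levels
# this page lists for CVE-2018-6919.

# min_patch RELEASE -> first fixed patch level named on the page, or status 1.
min_patch() {
    case "$1" in
        11.1) echo 9 ;;    # 11.1-RELEASE-p9
        10.4) echo 8 ;;    # 10.4-RELEASE-p8
        10.3) echo 28 ;;   # 10.3-RELEASE-p28
        *)    return 1 ;;
    esac
}

# check_cve_2018_6919 VERSION
# Prints one of: fixed | vulnerable | manual | not-listed
check_cve_2018_6919() {
    ver=$1
    rel=${ver%%-*}     # "11.1" from "11.1-RELEASE-p8"
    rest=${ver#*-}     # "RELEASE-p8" from "11.1-RELEASE-p8"
    case "$rest" in
        RELEASE)    patch=0 ;;                  # unpatched release
        RELEASE-p*) patch=${rest#RELEASE-p} ;;
        *)          echo manual; return 0 ;;    # -STABLE or unknown branch
    esac
    # Refuse anything that is not a plain decimal patch number.
    case "$patch" in
        ''|*[!0-9]*) echo manual; return 0 ;;
    esac
    if need=$(min_patch "$rel"); then
        if [ "$patch" -ge "$need" ]; then
            echo fixed
        else
            echo vulnerable
        fi
    else
        # The page names no fixed patch level for this release line.
        echo not-listed
    fi
}

# On a FreeBSD host: sh this-script "$(freebsd-version -k)"
if [ "$#" -gt 0 ]; then
    check_cve_2018_6919 "$1"
fi
```

The `-k` form reports the installed kernel, which is the component this issue concerns; a patched userland on top of an old kernel would still be classified as vulnerable.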