CVE-2018-6919: Infoleak
First published: Wed Apr 04 2018(Updated: )
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, due to insufficient initialization of memory copied to userland, small amounts of kernel memory may be disclosed to userland processes. Unprivileged users may be able to access small amounts privileged kernel data.
Credit: secteam@freebsd.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FreeBSD Kernel | >=10.0<10.4 | |
| FreeBSD Kernel | >=11.0<11.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-6919?
CVE-2018-6919 has a medium severity rating, as it involves the disclosure of small amounts of kernel memory to userland processes.
How do I fix CVE-2018-6919?
To fix CVE-2018-6919, users should upgrade to FreeBSD versions 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8, or 10.3-RELEASE-p28.
Who is affected by CVE-2018-6919?
CVE-2018-6919 affects unprivileged users running specific versions of FreeBSD prior to the patched releases.
What are the consequences of CVE-2018-6919?
The consequences of CVE-2018-6919 include the potential exposure of sensitive data from kernel memory to non-privileged users.
Is CVE-2018-6919 easy to exploit?
CVE-2018-6919 is considered to be of low complexity for exploitation, given the right conditions and access.
- agent/references
- agent/type
- agent/softwarecombine
- agent/severity
- agent/author
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/freebsd
- canonical/freebsd kernel
- version/freebsd kernel/10.0
- version/freebsd kernel/11.0