| Vulnerability Name: | CVE-2018-17155 (CCN-150631) | ||||||||||||
| Assigned: | 2018-09-27 | ||||||||||||
| Published: | 2018-09-27 | ||||||||||||
| Updated: | 2018-11-23 | ||||||||||||
| Summary: | In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338984), and 10.4-RELEASE-p13, due to insufficient initialization of memory copied to userland in the getcontext and swapcontext system calls, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts privileged kernel data. | ||||||||||||
| CVSS v3 Severity: | 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) 4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-200 | ||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2018-17155 Source: XF Type: UNKNOWN freebsd-cve201817155-info-disc(150631) Source: CONFIRM Type: Patch, Vendor Advisory https://security.FreeBSD.org/advisories/FreeBSD-EN-18:12.mem.asc Source: CCN Type: FreeBSD-EN-18:12.mem Small kernel memory disclosures in two system calls Source: CCN Type: WhiteSource Vulnerability Database CVE-2018-17155 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||