| Vulnerability Name: | CVE-2018-6920 (CCN-143077) | ||||||||||||
| Assigned: | 2018-05-08 | ||||||||||||
| Published: | 2018-05-08 | ||||||||||||
| Updated: | 2018-06-13 | ||||||||||||
| Summary: | In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE(r332321), and 10.4-RELEASE-p9, due to insufficient initialization of memory copied to userland in the Linux subsystem and Atheros wireless driver, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data. | ||||||||||||
| CVSS v3 Severity: | 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) 4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-200 | ||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2018-6920 Source: BID Type: Third Party Advisory, VDB Entry 104114 Source: CCN Type: BID-104114 FreeBSD CVE-2018-6920 Local Information Disclosure Vulnerability Source: XF Type: UNKNOWN freebsd-cve20186920-info-disc(143077) Source: CONFIRM Type: Vendor Advisory https://security.FreeBSD.org/advisories/FreeBSD-EN-18:05.mem.asc Source: CCN Type: FreeBSD Security Advisory FreeBSD-EN-18:05.mem Multiple small kernel memory disclosures | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||