Information disclosure in NetBSD - #VU17408
Published: February 7, 2019
Vulnerability identifier: #VU17408
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: NetBSD Foundation, Inc
Affected software:
NetBSD
NetBSD
Detailed vulnerability description
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to an inverted logic in netbsd32 caused some kernel memory bytes to wrongfully be copied to userland. A local attacker can obtain data from kernel memory.
The weakness exists due to an inverted logic in netbsd32 caused some kernel memory bytes to wrongfully be copied to userland. A local attacker can obtain data from kernel memory.
Remediation
Install update from vendor's website.