Memory leak in NetBSD - #VU17419
Published: February 7, 2019
Vulnerability identifier: #VU17419
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-401
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: NetBSD Foundation, Inc
Affected software:
NetBSD
NetBSD
Detailed vulnerability description
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to many bytes of kernel stack were leaked in the msgctl system call implemented in the compatibility layers. A local attacker can obtain data from kernel memory.
The weakness exists due to many bytes of kernel stack were leaked in the msgctl system call implemented in the compatibility layers. A local attacker can obtain data from kernel memory.
Remediation
Install update from vendor's website.