Information disclosure in FreeBSD - CVE-2018-6920
Published: May 8, 2018 / Updated: July 17, 2020
Vulnerability identifier: #VU31311
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-6920
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: FreeBSD Foundation
Affected software:
FreeBSD
FreeBSD
Detailed vulnerability description
The vulnerability allows a local authenticated user to gain access to sensitive information.
In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE(r332321), and 10.4-RELEASE-p9, due to insufficient initialization of memory copied to userland in the Linux subsystem and Atheros wireless driver, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data.
How to mitigate CVE-2018-6920
Install update from vendor's website.