Information disclosure in FreeBSD - CVE-2018-6921

 


Published: May 8, 2018 / Updated: July 17, 2020


Vulnerability identifier: #VU31312
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-6921
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: FreeBSD Foundation
Affected software: FreeBSD

Detailed vulnerability description

The vulnerability allows a local authenticated user to gain access to sensitive information.

In FreeBSD before 11.1-STABLE(r332066) and 11.1-RELEASE-p10, due to insufficient initialization of memory copied to userland in the network subsystem, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data.
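The bug class described above, an object copied to userland without being fully initialized, shown as an added user-space illustration beside its hardened form. This is not FreeBSD code: `struct reply`, the function names and the `0xA5` stale-data marker are all constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xA5  /* constructed marker standing in for old kernel data */

/* Hypothetical reply record: on common ABIs padding follows `type`. */
struct reply {
    uint8_t  type;
    uint32_t value;
    char     name[8];
};

static void fill_fields(struct reply *r) {
    r->type = 1;
    r->value = 42;
    strcpy(r->name, "em0");   /* writes 4 bytes, leaves 4 untouched */
}

/* Vulnerable pattern: only the named fields are written. */
static void build_unsafe(struct reply *r) {
    fill_fields(r);
}

/* Hardened pattern: clear the whole object first, then fill it in. */
static void build_safe(struct reply *r) {
    memset(r, 0, sizeof *r);
    fill_fields(r);
}

/* Simulate reuse of dirty memory followed by the copy to userland;
   return how many stale bytes reach the user-visible buffer. */
static size_t leaked_bytes(void (*build)(struct reply *)) {
    struct reply slot;
    unsigned char user_buf[sizeof slot];
    size_t i, n = 0;

    memset(&slot, STALE, sizeof slot);     /* memory as it was left behind */
    build(&slot);
    memcpy(user_buf, &slot, sizeof slot);  /* stands in for the copy-out */
    for (i = 0; i < sizeof user_buf; i++)
        n += (user_buf[i] == STALE);
    return n;
}

int main(void) {
    printf("unsafe: %zu stale bytes, safe: %zu\n",
           leaked_bytes(build_unsafe), leaked_bytes(build_safe));
    return 0;
}
```

The stale bytes come from two places: compiler-inserted padding and the unused tail of the fixed-size `name` array, which is why zeroing the whole object is the reliable fix rather than assigning each field.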


How to mitigate CVE-2018-6921

Install the update from the vendor's website.
