Information disclosure in FreeBSD - CVE-2018-6919
Published: April 4, 2018 / Updated: July 17, 2020
Vulnerability identifier: #VU31336
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-6919
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: FreeBSD Foundation
Affected software:
FreeBSD
FreeBSD
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, due to insufficient initialization of memory copied to userland, small amounts of kernel memory may be disclosed to userland processes. Unprivileged users may be able to access small amounts privileged kernel data.
How to mitigate CVE-2018-6919
Install update from vendor's website.