#VU17408 Information disclosure in NetBSD
Published: February 7, 2019
Vulnerability identifier: #VU17408
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
NetBSD
NetBSD
Software vendor:
NetBSD Foundation, Inc
NetBSD Foundation, Inc
Description
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to an inverted logic in netbsd32 caused some kernel memory bytes to wrongfully be copied to userland. A local attacker can obtain data from kernel memory.
The weakness exists due to an inverted logic in netbsd32 caused some kernel memory bytes to wrongfully be copied to userland. A local attacker can obtain data from kernel memory.
Remediation
Install update from vendor's website.