CVE-2018-17155

In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338984), and 10.4-RELEASE-p13, due to insufficient initialization of memory copied to userland in the getcontext and swapcontext system calls, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts privileged kernel data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
freebsdCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
VendorProductVersion
freebsdfreebsd
𝑥
< 11.2
freebsdfreebsd
10.4
freebsdfreebsd
10.4:p13
freebsdfreebsd
11.1:p15
freebsdfreebsd
11.2:p4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security.FreeBSD.org/advisories/FreeBSD-EN-18:12.mem.asc
https://security.FreeBSD.org/advisories/FreeBSD-EN-18:12.mem.asc