CVE-2018-6920

EUVD-2018-18664
In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE(r332321), and 10.4-RELEASE-p9, due to insufficient initialization of memory copied to userland in the Linux subsystem and Atheros wireless driver, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Affected Products (NVD)
VendorProductVersion
freebsdfreebsd
10.0 ≤
𝑥
< 10.4
freebsdfreebsd
11.0 ≤
𝑥
< 11.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/104114
https://security.FreeBSD.org/advisories/FreeBSD-EN-18:05.mem.asc
http://www.securityfocus.com/bid/104114
https://security.FreeBSD.org/advisories/FreeBSD-EN-18:05.mem.asc