CVE-2019-5605

EUVD-2019-15180
In FreeBSD 11.3-STABLE before r350217, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, due to insufficient initialization of memory copied to userland in the freebsd32_ioctl interface, small amounts of kernel memory may be disclosed to userland processes. This may allow an attacker to leverage this information to obtain elevated privileges either directly or indirectly.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
Affected Products (NVD)
VendorProductVersion
freebsdfreebsd
11.0
freebsdfreebsd
11.2
freebsdfreebsd
11.2:p10
freebsdfreebsd
11.2:p11
freebsdfreebsd
11.2:p2
freebsdfreebsd
11.2:p3
freebsdfreebsd
11.2:p4
freebsdfreebsd
11.2:p5
freebsdfreebsd
11.2:p6
freebsdfreebsd
11.2:p7
freebsdfreebsd
11.2:p8
freebsdfreebsd
11.2:p9
freebsdfreebsd
11.2:rc3
freebsdfreebsd
11.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/153749/FreeBSD-Security-Advisory-FreeBSD-SA-19-14.freebsd32.html
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:14.freebsd32.asc
https://security.netapp.com/advisory/ntap-20190814-0003/
http://packetstormsecurity.com/files/153749/FreeBSD-Security-Advisory-FreeBSD-SA-19-14.freebsd32.html
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:14.freebsd32.asc
https://security.netapp.com/advisory/ntap-20190814-0003/