CVE-2017-1088

Source
https://cve.org/CVERecord?id=CVE-2017-1088
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1088.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-1088
Withdrawn
2024-06-30T16:00:04.304923Z
Published
2017-11-16T20:29:00Z
Modified
2024-06-04T05:04:55.276433Z
Severity
  • 3.3 (Low) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
[none]
Details

In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kldfilestat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack is possible. As a result, some bytes from the kernel stack can be observed in userspace.

Affected packages

Debian:10 / kfreebsd-10

Package

Name
kfreebsd-10
Purl
pkg:deb/debian/kfreebsd-10?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

10.*
10.3~svn300087-5
10.3~svn300087-6
10.3~svn300087+ds1-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1088.json"