FreeBSD Bugzilla – Attachment 188554 Details for
Bug 224106
security/vuxml missing FreeBSD SA entries
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
entry for SA-17:10.kldstat
vuln_SA-17:10.kldstat.xml (text/plain), 1.14 KB, created by
Miroslav Lachman
on 2017-12-05 14:56:44 UTC
(
hide
)
Description:
entry for SA-17:10.kldstat
Filename:
MIME Type:
Creator:
Miroslav Lachman
Created:
2017-12-05 14:56:44 UTC
Size:
1.14 KB
patch
obsolete
> > <vuln vid="67a7b055-d9cc-11e7-8804-f8b156ac3ff9"> > <topic>Information leak in kldstat(2)</topic> > <affects> > <package> > <name>FreeBSD</name> > <range><ge>11.1</ge><lt>11.1_4</lt></range> > <range><ge>11.0</ge><lt>11.0_15</lt></range> > <range><ge>10.4</ge><lt>10.4_3</lt></range> > <range><ge>10.3</ge><lt>10.3_24</lt></range> > </package> > </affects> > <description> > <body xmlns="http://www.w3.org/1999/xhtml"> > <h1>Problem Description:</h1> > <p>The kernel does not properly clear the memory of > the kld_file_stat structure before filling the data. > Since the structure filled by the kernel is allocated > on the kernel stack and copied to userspace, a leak > of information from the kernel stack is possible.</p> > <h1>Impact:</h1> > <p>Some bytes from the kernel stack can be observed > in userspace.</p> > </body> > </description> > <references> > <cvename>CVE-2017-1088</cvename> > <freebsdsa>SA-17:10.kldstat</freebsdsa> > </references> > <dates> > <discovery>2017-11-15</discovery> > <entry>2017-12-05</entry> > </dates> > </vuln>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=188554">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 224106
:
188542
|
188552
|
188553
| 188554 |
188555