CVE-2017-1086

Name of the Vulnerable Software and Affected Versions FreeBSD versions prior to 11.1-STABLE FreeBSD versions prior to 11.1-RELEASE-p4 FreeBSD versions prior to 11.0-RELEASE-p15 FreeBSD versions prior to 10.4-STABLE FreeBSD versions prior to 10.4-RELEASE-p3 FreeBSD versions prior to 10.3-RELEASE-p24

Description The issue allows a leak of information from the kernel stack of a thread. This occurs because not all information in the struct ptrace lwpinfo is relevant for the state of any thread, and the kernel does not fill the irrelevant bytes or short strings. As a result, some bytes from the kernel stack of the thread using the ptrace (PT LWPINFO) call can be observed in userspace.

Recommendations For versions prior to 11.1-STABLE, update to 11.1-STABLE or later. For versions prior to 11.1-RELEASE-p4, update to 11.1-RELEASE-p4 or later. For versions prior to 11.0-RELEASE-p15, update to 11.0-RELEASE-p15 or later. For versions prior to 10.4-STABLE, update to 10.4-STABLE or later. For versions prior to 10.4-RELEASE-p3, update to 10.4-RELEASE-p3 or later. For versions prior to 10.3-RELEASE-p24, update to 10.3-RELEASE-p24 or later.