CVE-2018-17154

Name of the Vulnerable Software and Affected Versions FreeBSD versions prior to 11.2-STABLE(r338987) FreeBSD versions prior to 11.2-RELEASE-p4 FreeBSD versions prior to 11.1-RELEASE-p15

Description The issue is caused by insufficient memory checking in the freebsd4 getfsstat system call, which can lead to a NULL pointer dereference. This can result in a denial of service. Unprivileged authenticated local users may be able to exploit this issue.

Recommendations For versions prior to 11.2-STABLE(r338987), update to 11.2-STABLE(r338987) or later. For versions prior to 11.2-RELEASE-p4, update to 11.2-RELEASE-p4 or later. For versions prior to 11.1-RELEASE-p15, update to 11.1-RELEASE-p15 or later.