CVE-2018-6920

Name of the Vulnerable Software and Affected Versions FreeBSD versions prior to 11.1-STABLE(r332303) FreeBSD versions prior to 11.1-RELEASE-p10 FreeBSD versions prior to 10.4-STABLE(r332321) FreeBSD versions prior to 10.4-RELEASE-p9

Description The issue is related to insufficient initialization of memory copied to userland in the Linux subsystem and Atheros wireless driver, which may disclose small amounts of kernel memory to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data.

Recommendations For versions prior to 11.1-STABLE(r332303), update to 11.1-STABLE(r332303) or later. For versions prior to 11.1-RELEASE-p10, update to 11.1-RELEASE-p10 or later. For versions prior to 10.4-STABLE(r332321), update to 10.4-STABLE(r332321) or later. For versions prior to 10.4-RELEASE-p9, update to 10.4-RELEASE-p9 or later.