CVE-2017-1088

Name of the Vulnerable Software and Affected Versions FreeBSD versions prior to 11.1-STABLE FreeBSD versions prior to 11.1-RELEASE-p4 FreeBSD versions prior to 11.0-RELEASE-p15 FreeBSD versions prior to 10.4-STABLE FreeBSD versions prior to 10.4-RELEASE-p3 FreeBSD versions prior to 10.3-RELEASE-p24

Description The issue arises from the kernel's failure to properly clear the memory of the kld file stat structure before filling the data. This structure, allocated on the kernel stack and copied to userspace, can lead to a leak of information from the kernel stack. As a result, some bytes from the kernel stack can be observed in userspace.

Recommendations For versions prior to 11.1-STABLE, update to 11.1-STABLE or later. For versions prior to 11.1-RELEASE-p4, update to 11.1-RELEASE-p4 or later. For versions prior to 11.0-RELEASE-p15, update to 11.0-RELEASE-p15 or later. For versions prior to 10.4-STABLE, update to 10.4-STABLE or later. For versions prior to 10.4-RELEASE-p3, update to 10.4-RELEASE-p3 or later. For versions prior to 10.3-RELEASE-p24, update to 10.3-RELEASE-p24 or later.