PT-2018-17821 · Freebsd · Freebsd
Published
2018-05-08
·
Updated
2018-06-13
·
CVE-2018-6920
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
FreeBSD versions prior to 11.1-STABLE(r332303)
FreeBSD versions prior to 11.1-RELEASE-p10
FreeBSD versions prior to 10.4-STABLE(r332321)
FreeBSD versions prior to 10.4-RELEASE-p9
Description
The issue is related to insufficient initialization of memory copied to userland in the Linux subsystem and Atheros wireless driver, which may disclose small amounts of kernel memory to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data.
Recommendations
For versions prior to 11.1-STABLE(r332303), update to 11.1-STABLE(r332303) or later.
For versions prior to 11.1-RELEASE-p10, update to 11.1-RELEASE-p10 or later.
For versions prior to 10.4-STABLE(r332321), update to 10.4-STABLE(r332321) or later.
For versions prior to 10.4-RELEASE-p9, update to 10.4-RELEASE-p9 or later.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Freebsd