PT-2019-17774 · Freebsd · Freebsd

Published: 2019-07-24 · Updated: 2023-03-01 · CVE-2019-5605

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

FreeBSD versions 11.2-RELEASE before 11.2-RELEASE-p12
FreeBSD versions 11.3-RELEASE before 11.3-RELEASE-p1
FreeBSD versions 11.3-STABLE before r350217

Description

The issue is related to insufficient initialization of memory copied to userland in the freebsd32 ioctl interface. This may cause small amounts of kernel memory to be disclosed to userland processes, potentially allowing an attacker to leverage this information to obtain elevated privileges.

Recommendations

For FreeBSD versions 11.2-RELEASE before 11.2-RELEASE-p12, update to 11.2-RELEASE-p12 or later.
For FreeBSD versions 11.3-RELEASE before 11.3-RELEASE-p1, update to 11.3-RELEASE-p1 or later.
For FreeBSD versions 11.3-STABLE before r350217, update to r350217 or later.
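
The weakness class named in the Description, modelled in userland C as an added example (not FreeBSD code and not the actual patch): a temporary reply structure is filled field by field and copied out whole, so bytes the code never writes carry stale data unless the structure is zeroed first. The struct `info32`, the function names and the `0xAA` stale marker are all hypothetical, and `memcpy` stands in for the kernel-to-user copy.

```c
/* Userland model of a kernel-to-user copy; every name here is hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA              /* marker standing in for leftover kernel stack data */

struct info32 {                 /* constructed 32-bit compat reply layout */
    uint32_t id;
    char     name[16];
    uint32_t reserved;          /* never assigned by convert() below */
};

/* Fill the reply field by field, as a compat shim might. */
static void convert(struct info32 *out, uint32_t id, const char *name)
{
    out->id = id;
    snprintf(out->name, sizeof(out->name), "%s", name); /* bytes after NUL untouched */
}

/* Vulnerable pattern: the temporary holds whatever was there before. */
void ioctl_vulnerable(unsigned char *user, uint32_t id, const char *name)
{
    struct info32 tmp;
    memset(&tmp, STALE, sizeof(tmp));   /* simulate stale stack contents */
    convert(&tmp, id, name);
    memcpy(user, &tmp, sizeof(tmp));    /* stands in for the copy to userland */
}

/* Hardened pattern: zero the whole object before filling it. */
void ioctl_hardened(unsigned char *user, uint32_t id, const char *name)
{
    struct info32 tmp;
    memset(&tmp, STALE, sizeof(tmp));   /* same stale starting state */
    memset(&tmp, 0, sizeof(tmp));       /* full initialization before use */
    convert(&tmp, id, name);
    memcpy(user, &tmp, sizeof(tmp));
}

/* Count stale marker bytes that reached the "user" buffer. */
size_t stale_bytes(const unsigned char *user)
{
    size_t n = 0;
    for (size_t i = 0; i < sizeof(struct info32); i++)
        n += (user[i] == STALE);
    return n;
}
```

With the constructed input `id = 7`, `name = "em0"`, the vulnerable path exposes the 12 unused bytes of `name` plus the 4-byte `reserved` field; the hardened path exposes none.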

Fix

Weakness Enumeration

Improper Initialization

Related Identifiers

CVE-2019-5605
FREEBSD-SA-19_14

Affected Products

Freebsd