PT-2020-9763 · Freebsd · Freebsd

Published

2020-01-28

·

Updated

2020-03-04

·

CVE-2019-15875

CVSS v3.1

3.3

Low

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions FreeBSD versions 12.1-STABLE before r354734 FreeBSD versions 12.1-RELEASE before 12.1-RELEASE-p2 FreeBSD versions 12.0-RELEASE before 12.0-RELEASE-p13 FreeBSD versions 11.3-STABLE before r354735 FreeBSD versions 11.3-RELEASE before 11.3-RELEASE-p6
Description The issue is caused by incorrect initialization of a stack data structure. As a result, core dump files may contain up to 20 bytes of kernel data previously stored on the stack.
Recommendations For FreeBSD versions 12.1-STABLE before r354734, update to a version after r354734. For FreeBSD versions 12.1-RELEASE before 12.1-RELEASE-p2, update to 12.1-RELEASE-p2 or later. For FreeBSD versions 12.0-RELEASE before 12.0-RELEASE-p13, update to 12.0-RELEASE-p13 or later. For FreeBSD versions 11.3-STABLE before r354735, update to a version after r354735. For FreeBSD versions 11.3-RELEASE before 11.3-RELEASE-p6, update to 11.3-RELEASE-p6 or later.

Fix

Improper Initialization

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-665

Related Identifiers

CVE-2019-15875
FREEBSD-SA-20_03

Affected Products

Freebsd