CVE-2018-17155

Summary

In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338984), and 10.4-RELEASE-p13, due to insufficient initialization of memory copied to userland in the getcontext and swapcontext system calls, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts privileged kernel data.

Affected Software

VendorProductVersion RangeStatus
FreeBSDFreeBSD11.2 before 11.2-RELEASE-p4affected
FreeBSDFreeBSD11.1 before 11.1-RELEASE-p15affected
FreeBSDFreeBSD10.x before 10.4-RELEASE-p13affected

Weaknesses

  • Kernel memory disclosure

ADP Enrichment

CVE Program Container

Additional References

References