CVE-2019-5605
Last modified
CVE-2019-5605 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. In FreeBSD 11.3-STABLE before r350217, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, due to insufficient initialization of memory copied to userland in the freebsd32_ioctl interface, small amounts of kernel memory may be disclosed to userland processes. This may allow an attacker to leverage this information to obtain elevated privileges either directly or indirectly. EPSS estimates a 2.33% chance of exploitation in the next 30 days.
Description
In FreeBSD 11.3-STABLE before r350217, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, due to insufficient initialization of memory copied to userland in the freebsd32_ioctl interface, small amounts of kernel memory may be disclosed to userland processes. This may allow an attacker to leverage this information to obtain elevated privileges either directly or indirectly.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| FreeBSD | FreeBSD | 11.0 |
| FreeBSD | FreeBSD | 11.2 |
| FreeBSD | FreeBSD | 11.3 |
References
- http://packetstormsecurity.com/files/153749/FreeBSD-Security-Advisory-FreeBSD-SA-19-14.freebsd32.html (Third Party Advisory, VDB Entry)
- https://security.netapp.com/advisory/ntap-20190814-0003/ (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
