CVE-2017-1088 - OpenCVE

In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack is possible. As a result, some bytes from the kernel stack can be observed in userspace.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Freebsd	Freebsd

Configuration 1 [-]

cpe:2.3:o:freebsd:freebsd:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/101857
http://www.securitytracker.com/id/1039811
https://www.freebsd.org/security/advisories/FreeBSD-SA-17:10.kldstat.asc

History

No history.

MITRE

Status: PUBLISHED

Assigner: freebsd

Published: 2017-11-16T20:00:00Z

Updated: 2024-09-16T22:15:13.705Z

Reserved: 2016-11-30T00:00:00

Link: CVE-2017-1088

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-11-16T20:29:00.267

Modified: 2017-12-02T12:57:35.220

Link: CVE-2017-1088

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "FreeBSD", "vendor": "FreeBSD", "versions": [{"status": "affected", "version": "All supported versions of FreeBSD"}]}], "datePublic": "2017-11-15T00:00:00", "descriptions": [{"lang": "en", "value": "In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack is possible. As a result, some bytes from the kernel stack can be observed in userspace."}], "problemTypes": [{"descriptions": [{"description": "Kernel information leak", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-17T10:57:01", "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd"}, "references": [{"name": "101857", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101857"}, {"name": "FreeBSD-SA-17:10", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:10.kldstat.asc"}, {"name": "1039811", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039811"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secteam@freebsd.org", "DATE_PUBLIC": "2017-11-15T00:00:00", "ID": "CVE-2017-1088", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "FreeBSD", "version": {"version_data": [{"version_value": "All supported versions of FreeBSD"}]}}]}, "vendor_name": "FreeBSD"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack is possible. As a result, some bytes from the kernel stack can be observed in userspace."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Kernel information leak"}]}]}, "references": {"reference_data": [{"name": "101857", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101857"}, {"name": "FreeBSD-SA-17:10", "refsource": "FREEBSD", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:10.kldstat.asc"}, {"name": "1039811", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039811"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T13:25:16.916Z"}, "title": "CVE Program Container", "references": [{"name": "101857", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/101857"}, {"name": "FreeBSD-SA-17:10", "tags": ["vendor-advisory", "x_refsource_FREEBSD", "x_transferred"], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:10.kldstat.asc"}, {"name": "1039811", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1039811"}]}]}, "cveMetadata": {"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "assignerShortName": "freebsd", "cveId": "CVE-2017-1088", "datePublished": "2017-11-16T20:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-16T22:15:13.705Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B2AEFCC-A2F6-45A6-A2EF-24F7906E44E2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack is possible. As a result, some bytes from the kernel stack can be observed in userspace."}, {"lang": "es", "value": "En FreeBSD en versiones anteriores a 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3 y 10.3-RELEASE-p24, el kernel no limpia correctamente la memoria de la estructura kld_file_stat antes de rellenar los datos. Dado que la estructura que rellena el kernel se asigna a la pila del kernel y se copia al espacio de usuario, es posible que se produzca una fuga de informaci\u00f3n desde la pila del kernel. Como resultado, algunos bytes de la pila del kernel se podr\u00edan observar en el espacio de usuario."}], "id": "CVE-2017-1088", "lastModified": "2017-12-02T12:57:35.220", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-16T20:29:00.267", "references": [{"source": "secteam@freebsd.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101857"}, {"source": "secteam@freebsd.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039811"}, {"source": "secteam@freebsd.org", "tags": ["Vendor Advisory"], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:10.kldstat.asc"}], "sourceIdentifier": "secteam@freebsd.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}