← back
CVE-2017-1088

CVE-2017-1088

EPSS 0.4%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
16 Nov 2017Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack is possible. As a result, some bytes from the kernel stack can be observed in userspace.
Affected products
FreeBSD · FreeBSD

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.freebsd.org/security/advisories/FreeBSD-SA-17:10.kldstat.aschttp://www.securityfocus.com/bid/101857http://www.securitytracker.com/id/1039811