CVE-2017-1088 - OpenCVE

In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack is possible. As a result, some bytes from the kernel stack can be observed in userspace.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Freebsd	Freebsd

Configuration 1 [-]

cpe:2.3:o:freebsd:freebsd:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/101857	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039811	Third Party Advisory VDB Entry
https://www.freebsd.org/security/advisories/FreeBSD-SA-17:10.kldstat.asc	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: freebsd

Published: 2017-11-15T00:00:00

Updated: 2017-11-17T10:57:01

Reserved: 2016-11-30T00:00:00

Link: CVE-2017-1088

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-11-16T20:29:00.267

Modified: 2017-12-02T12:57:35.220

Link: CVE-2017-1088

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "FreeBSD", "vendor": "FreeBSD", "versions": [{"status": "affected", "version": "All supported versions of FreeBSD"}]}], "datePublic": "2017-11-15T00:00:00", "descriptions": [{"lang": "en", "value": "In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack is possible. As a result, some bytes from the kernel stack can be observed in userspace."}], "problemTypes": [{"descriptions": [{"description": "Kernel information leak", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-17T10:57:01", "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd"}, "references": [{"name": "101857", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101857"}, {"name": "FreeBSD-SA-17:10", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:10.kldstat.asc"}, {"name": "1039811", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039811"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secteam@freebsd.org", "DATE_PUBLIC": "2017-11-15T00:00:00", "ID": "CVE-2017-1088", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "FreeBSD", "version": {"version_data": [{"version_value": "All supported versions of FreeBSD"}]}}]}, "vendor_name": "FreeBSD"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack is possible. As a result, some bytes from the kernel stack can be observed in userspace."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Kernel information leak"}]}]}, "references": {"reference_data": [{"name": "101857", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101857"}, {"name": "FreeBSD-SA-17:10", "refsource": "FREEBSD", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:10.kldstat.asc"}, {"name": "1039811", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039811"}]}}}}, "cveMetadata": {"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "assignerShortName": "freebsd", "cveId": "CVE-2017-1088", "datePublished": "2017-11-15T00:00:00", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2017-11-17T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B2AEFCC-A2F6-45A6-A2EF-24F7906E44E2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack is possible. As a result, some bytes from the kernel stack can be observed in userspace."}, {"lang": "es", "value": "En FreeBSD en versiones anteriores a 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3 y 10.3-RELEASE-p24, el kernel no limpia correctamente la memoria de la estructura kld_file_stat antes de rellenar los datos. Dado que la estructura que rellena el kernel se asigna a la pila del kernel y se copia al espacio de usuario, es posible que se produzca una fuga de informaci\u00f3n desde la pila del kernel. Como resultado, algunos bytes de la pila del kernel se podr\u00edan observar en el espacio de usuario."}], "id": "CVE-2017-1088", "lastModified": "2017-12-02T12:57:35.220", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-16T20:29:00.267", "references": [{"source": "secteam@freebsd.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101857"}, {"source": "secteam@freebsd.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039811"}, {"source": "secteam@freebsd.org", "tags": ["Vendor Advisory"], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:10.kldstat.asc"}], "sourceIdentifier": "secteam@freebsd.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}