CVE-2019-5605
moderate-risk
Published 2019-07-26
In FreeBSD 11.3-STABLE before r350217, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, due to insufficient initialization of memory copied to userland in the freebsd32_ioctl interface, small amounts of kernel memory may be disclosed to userland processes. This may allow an attacker to leverage this information to obtain elevated privileges either directly or indirectly.
Do I need to act?
1.0% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 6.5/10 (Medium)
Attack vector: NETWORK / LOW complexity
Affected Products (14)
Affected Vendors
References (6)
Third Party Advisory
http://packetstormsecurity.com/files/153749/FreeBSD-Security-Advisory-FreeBSD-SA...
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190814-0003/
Risk score: 45 / 100 (moderate-risk)
Severity: 24/34 · High
Exploitability: 3/34 · Minimal
Exposure: 18/34 · Moderate