CVE-2025-0662
MEDIUM 4.9
Description
In some cases, the ktrace facility will log the contents of kernel structures to userspace. In one such case, ktrace dumps a variable-sized sockaddr to userspace. There, the full sockaddr is copied, even when it is shorter than the full size. This can result in up to 14 uninitialized bytes of kernel memory being copied out to userspace. It is possible for an unprivileged userspace program to leak 14 bytes of a kernel heap allocation to userspace.
CVE Details
CVSS v3.1 score: 4.9
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: HIGH
User interaction: NONE
Published: 1/30/2025
Last modified: 2/7/2025
Source: nvd
Honeypot sightings: 0
Weaknesses (CWE)
CWE-122
References
https://security.freebsd.org/advisories/FreeBSD-SA-25:04.ktrace.asc (secteam@freebsd.org)
https://security.netapp.com/advisory/ntap-20250207-0006/ (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.