← Voltar para CVEs
CVE-2025-0662
MEDIUM4.9
Descricao
In some cases, the ktrace facility will log the contents of kernel structures to userspace. In one such case, ktrace dumps a variable-sized sockaddr to userspace. There, the full sockaddr is copied, even when it is shorter than the full size. This can result in up to 14 uninitialized bytes of kernel memory being copied out to userspace. It is possible for an unprivileged userspace program to leak 14 bytes of a kernel heap allocation to userspace.
Detalhes CVE
Pontuacao CVSS v3.14.9
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosHIGH
Interacao do usuarioNONE
Publicado1/30/2025
Ultima modificacao2/7/2025
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-122
Referencias
https://security.freebsd.org/advisories/FreeBSD-SA-25:04.ktrace.asc(secteam@freebsd.org)
https://security.netapp.com/advisory/ntap-20250207-0006/(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.