Vulnerability Description
The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 9.3-BETA1 before p1 uses an incorrect page fault kernel trace entry size, which allows local users to obtain sensitive information from kernel memory via a kernel process trace.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Freebsd | Freebsd | 8.4 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/58627
- http://www.freebsd.org/security/advisories/FreeBSD-SA-14%3A12.ktrace.ascPatchVendor Advisory
- http://www.securityfocus.com/bid/67812
- http://www.securitytracker.com/id/1030325
- http://secunia.com/advisories/58627
- http://www.freebsd.org/security/advisories/FreeBSD-SA-14%3A12.ktrace.ascPatchVendor Advisory
- http://www.securityfocus.com/bid/67812
- http://www.securitytracker.com/id/1030325
FAQ
What is CVE-2014-3873?
CVE-2014-3873 is a vulnerability with a CVSS score of 2.1 (LOW). The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 9.3-BETA1 before p1 uses an incorrect page fault kernel trace entry size, which allows local users to obtain...
How severe is CVE-2014-3873?
CVE-2014-3873 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3873?
Check the references section above for vendor advisories and patch information. Affected products include: Freebsd Freebsd.