Vulnerability Description
FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize the buffer between the header and data of a control message, which allows local users to obtain sensitive information from kernel memory via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Freebsd | Freebsd | 8.4 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/62218
- http://www.debian.org/security/2014/dsa-3070
- http://www.freebsd.org/security/advisories/FreeBSD-SA-14:17.kmem.ascVendor Advisory
- http://www.securityfocus.com/bid/68466
- http://www.securitytracker.com/id/1030539
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94448
- http://secunia.com/advisories/62218
- http://www.debian.org/security/2014/dsa-3070
- http://www.freebsd.org/security/advisories/FreeBSD-SA-14:17.kmem.ascVendor Advisory
- http://www.securityfocus.com/bid/68466
- http://www.securitytracker.com/id/1030539
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94448
FAQ
What is CVE-2014-3952?
CVE-2014-3952 is a vulnerability with a CVSS score of 4.9 (MEDIUM). FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize the buffer between the header and data of a control message, which allows local users to obtain ...
How severe is CVE-2014-3952?
CVE-2014-3952 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3952?
Check the references section above for vendor advisories and patch information. Affected products include: Freebsd Freebsd.