Vulnerability Description
In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE(r332321), and 10.4-RELEASE-p9, due to insufficient initialization of memory copied to userland in the Linux subsystem and Atheros wireless driver, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Freebsd | Freebsd | >= 10.0, < 10.4 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104114Third Party AdvisoryVDB Entry
- https://security.FreeBSD.org/advisories/FreeBSD-EN-18:05.mem.ascVendor Advisory
- http://www.securityfocus.com/bid/104114Third Party AdvisoryVDB Entry
- https://security.FreeBSD.org/advisories/FreeBSD-EN-18:05.mem.ascVendor Advisory
FAQ
What is CVE-2018-6920?
CVE-2018-6920 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE(r332321), and 10.4-RELEASE-p9, due to insufficient initialization of memory copied to userland in the Linux subsystem and Atheros ...
How severe is CVE-2018-6920?
CVE-2018-6920 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-6920?
Check the references section above for vendor advisories and patch information. Affected products include: Freebsd Freebsd.