Vulnerability Description
In FreeBSD 11.3-STABLE before r350217, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, due to insufficient initialization of memory copied to userland in the freebsd32_ioctl interface, small amounts of kernel memory may be disclosed to userland processes. This may allow an attacker to leverage this information to obtain elevated privileges either directly or indirectly.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Freebsd | Freebsd | 11.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/153749/FreeBSD-Security-Advisory-FreeBSD-SAThird Party AdvisoryVDB Entry
- https://security.FreeBSD.org/advisories/FreeBSD-SA-19:14.freebsd32.ascVendor Advisory
- https://security.netapp.com/advisory/ntap-20190814-0003/Third Party Advisory
- http://packetstormsecurity.com/files/153749/FreeBSD-Security-Advisory-FreeBSD-SAThird Party AdvisoryVDB Entry
- https://security.FreeBSD.org/advisories/FreeBSD-SA-19:14.freebsd32.ascVendor Advisory
- https://security.netapp.com/advisory/ntap-20190814-0003/Third Party Advisory
FAQ
What is CVE-2019-5605?
CVE-2019-5605 is a vulnerability with a CVSS score of 6.5 (MEDIUM). In FreeBSD 11.3-STABLE before r350217, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, due to insufficient initialization of memory copied to userland in the freebsd32_i...
How severe is CVE-2019-5605?
CVE-2019-5605 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-5605?
Check the references section above for vendor advisories and patch information. Affected products include: Freebsd Freebsd.