CVE-2024-25941 — LOW (3.3) — White Hats Nepal

Q: How severe is CVE-2024-25941?

CVE-2024-25941 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-25941?

Check the references section above for vendor advisories and patch information. Affected products include: Freebsd Freebsd.

Vulnerability Description

The jail(2) system call has not limited a visiblity of allocated TTYs (the kern.ttys sysctl). This gives rise to an information leak about processes outside the current jail. Attacker can get information about TTYs allocated on the host or in other jails. Effectively, the information printed by "pstat -t" may be leaked.

CVSS Score

3.3

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Freebsd	Freebsd	< 13.2

References

https://security.freebsd.org/advisories/FreeBSD-SA-24:02.tty.ascVendor Advisory
https://security.netapp.com/advisory/ntap-20240510-0003/Third Party Advisory
https://security.freebsd.org/advisories/FreeBSD-SA-24:02.tty.ascVendor Advisory
https://security.netapp.com/advisory/ntap-20240510-0003/Third Party Advisory

FAQ

What is CVE-2024-25941?

CVE-2024-25941 is a vulnerability with a CVSS score of 3.3 (LOW). The jail(2) system call has not limited a visiblity of allocated TTYs (the kern.ttys sysctl). This gives rise to an information leak about processes outside the current jail. Attacker can get inform...

How severe is CVE-2024-25941?

CVE-2024-25941 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-25941?

Check the references section above for vendor advisories and patch information. Affected products include: Freebsd Freebsd.