Two vulnerabilities have been reported in FreeBSD, which can be exploited to malicious, local users to gain knowledge of potentially sensitive information.
1) An error in the ioctl mechanism causes uninitalised kernel stack memory to be copied to user-space buffers. This discloses kernel memory content, which may contain sensitive information such as passwords.
2) An error in the ioctl mechanism when calculating buffer sizes can cause too much data to be copied into user-space buffers and discloses kernel memory content.
The vulnerabilities have been reported in version 5.4-STABLE and 6.0.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org