FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- SCTP SCTP_SS_VALUE kernel memory corruption and disclosure

Affected packages
10.1 <= FreeBSD-kernel < 10.1_5
10.0 <= FreeBSD-kernel < 10.0_17
9.3 <= FreeBSD-kernel < 9.3_9
8.4 <= FreeBSD-kernel < 8.4_23

Details

VuXML ID 0a5cf6d8-600a-11e6-a6c3-14dae9d210b8
Discovery 2015-01-27
Entry 2016-08-11

Problem Description:

Due to insufficient validation of the SCTP stream ID, which serves as an array index, a local unprivileged attacker can read or write 16-bits of kernel memory.

Impact:

An unprivileged process can read or modify 16-bits of memory which belongs to the kernel. This smay lead to exposure of sensitive information or allow privilege escalation.

References

CVE Name CVE-2014-8612
FreeBSD Advisory SA-15:02.kmem