FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Information leak in kldstat(2)

Affected packages
11.1 <= FreeBSD-kernel < 11.1_4
11.0 <= FreeBSD-kernel < 11.0_15
10.4 <= FreeBSD-kernel < 10.4_3
10.3 <= FreeBSD-kernel < 10.3_24

Details

VuXML ID 759059ac-dab3-11e7-b5af-a4badb2f4699
Discovery 2017-11-15
Entry 2017-12-06

Problem Description:

The kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack is possible.

Impact:

Some bytes from the kernel stack can be observed in userspace.

References

CVE Name CVE-2017-1088
FreeBSD Advisory SA-17:10.kldstat