FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- vt console memory disclosure

Affected packages
11.1 <= FreeBSD-kernel < 11.1_9
10.4 <= FreeBSD-kernel < 10.4_8
10.3 <= FreeBSD-kernel < 10.3_29


VuXML ID a5cf3ecd-38db-11e8-8b7f-a4badb2f469b
Discovery 2018-04-04
Entry 2018-04-05

Problem Description:

Insufficient validation of user-provided font parameters can result in an integer overflow, leading to the use of arbitrary kernel memory as glyph data. Characters that reference this data can be displayed on the screen, effectively disclosing kernel memory.


Unprivileged users may be able to access privileged kernel data.

Such memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way; for example, a terminal buffer might include a user-entered password.


CVE Name CVE-2018-6917
FreeBSD Advisory SA-18:04.vt