FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- ktrace kernel memory disclosure

Affected packages
9.2 <= FreeBSD-kernel < 9.2_7
9.1 <= FreeBSD-kernel < 9.1_14
8.4 <= FreeBSD-kernel < 8.4_11

Details

VuXML ID 6e04048b-6007-11e6-a6c3-14dae9d210b8
Discovery 2014-06-03
Entry 2016-08-11

Problem Description:

Due to an overlooked merge to -STABLE branches, the size for page fault kernel trace entries was set incorrectly.

Impact:

A user who can enable kernel process tracing could end up reading the contents of kernel memory.

Such memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way; for example, a terminal buffer might include a user-entered password.
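To check a host against the affected ranges listed above, the following added example (not part of the original advisory) classifies a kernel release string of the form printed by `uname -r`. The function names are hypothetical, and it assumes a VuXML bound such as 9.2_7 corresponds to 9.2-RELEASE-p7.

```shell
#!/bin/sh
# Added example: classify a FreeBSD kernel release string against the
# affected ranges in this entry (9.2 < p7, 9.1 < p14, 8.4 < p11).
# Assumption: VuXML "9.2_7" means patch level 7, i.e. 9.2-RELEASE-p7.

# Print the first fixed patch level for a release, or nothing if unlisted.
fixed_patchlevel() {
    case "$1" in
        9.2) echo 7 ;;
        9.1) echo 14 ;;
        8.4) echo 11 ;;
    esac
}

# Print one of: affected, fixed, not-listed, unknown
ktrace_status() {
    rel=$1
    version=${rel%%-*}              # "9.2" from "9.2-RELEASE-p6"
    fixed=$(fixed_patchlevel "$version")
    [ -n "$fixed" ] || { echo not-listed; return; }

    case "$rel" in
        "$version"-RELEASE)     patch=0 ;;            # unpatched release
        "$version"-RELEASE-p*)  patch=${rel##*-p} ;;  # "6" from "...-p6"
        *) echo unknown; return ;;  # -STABLE, -RC, ...: no patch level to compare
    esac

    # Reject an empty or non-numeric patch level instead of guessing.
    case "$patch" in
        ''|*[!0-9]*) echo unknown; return ;;
    esac

    if [ "$patch" -lt "$fixed" ]; then
        echo affected
    else
        echo fixed
    fi
}

# On a live host: ktrace_status "$(uname -r)"
```

A result of `unknown` on a -STABLE kernel means the patch level cannot decide it; compare the source revision against the advisory instead.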

References

CVE Name CVE-2014-3873
FreeBSD Advisory SA-14:12.ktrace