NA

CVE-2019-5595

Published: 12/02/2019 Updated: 12/02/2019

Vulnerability Summary

FreeBSD callee-save registers information disclosure

In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781), and 12.0-RELEASE-p3, kernel callee-save registers are not properly sanitized before return from system calls, potentially allowing some kernel data used in the system call to be exposed.

FreeBSD could allow a local attacker to obtain sensitive information, caused by improper input validation by the callee-save registers. By sending specially-crafted arguments, an attacker could exploit this vulnerability to obtain sensitive information.

Vulnerability Trend

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-19:01syscall Security Advisory The FreeBSD Project Topic: System call kernel data register leak Category: ...

References