vulnerability
FreeBSD: VID-6b6ca5b6-6007-11e6-a6c3-14dae9d210b8 (CVE-2014-3001): FreeBSD -- devfs rules not applied by default for jails
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:P/A:N) | Aug 11, 2016 | Dec 10, 2025 | Dec 10, 2025 |
Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
Aug 11, 2016
Added
Dec 10, 2025
Modified
Dec 10, 2025
Description
Problem Description: The default devfs rulesets are not loaded on boot, even when jails are used. Device nodes will be created in the jail with their normal default access permissions, while most of them should be hidden and inaccessible. Impact: Jailed processes can get access to restricted resources on the host system. For jailed processes running with superuser privileges this implies access to all devices on the system. This level of access could lead to information leakage and privilege escalation.
Solution
freebsd-upgrade-base-10_0-release-p2
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.