
FreeBSD: VID-A9C6E9BE-61FB-11EB-B87A-901B0EF719AB (CVE-2020-25579): FreeBSD -- Uninitialized kernel stack leaks in several file systems

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published: Jan 29, 2021
Added: Jan 30, 2021
Modified: Apr 5, 2021

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From VID-A9C6E9BE-61FB-11EB-B87A-901B0EF719AB:

Problem Description:

Several file systems were not properly initializing the d_off field of the dirent structures returned by VOP_READDIR. In particular, tmpfs(5), smbfs(5), autofs(5) and mqueuefs(5) were failing to do so. As a result, eight uninitialized kernel stack bytes may be leaked to userspace by these file systems. This problem is not present in FreeBSD 11.

Additionally, msdosfs(5) was failing to zero-fill a pair of padding fields in the dirent structure, resulting in a leak of three uninitialized bytes.

Impact:

Kernel stack disclosures may leak sensitive information which could be used to compromise the security of the system.
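
The bug class described in the advisory, as an added user-space example (not code from FreeBSD or from the advisory). The struct is a simplified model of the FreeBSD 12 dirent header, and `fill_entry`, `fill_mode` and `leaked_header_bytes` are hypothetical names; the check fills two differently poisoned buffers and counts header bytes the filler never wrote.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified model of the FreeBSD 12 dirent header (assumed layout). */
struct model_dirent {
    uint64_t d_fileno;
    int64_t  d_off;            /* 8 bytes: left unset in the first bug */
    uint16_t d_reclen;
    uint8_t  d_type;
    uint8_t  d_pad0;           /* 1 + 2 padding bytes: the second bug */
    uint16_t d_namlen;
    uint16_t d_pad1;
    char     d_name[256];
};
enum fill_mode { FILL_NO_OFF, FILL_NO_PAD, FILL_ZEROED };

/* Hypothetical readdir-style filler; mode selects which omission is modelled. */
static void fill_entry(struct model_dirent *de, enum fill_mode mode,
                       const char *name, int64_t next_off)
{
    size_t len = strlen(name);             /* caller keeps len < 256 */
    if (mode == FILL_ZEROED)
        memset(de, 0, sizeof(*de));        /* hardened: zero before filling */
    de->d_fileno = 2;                      /* constructed sample values */
    de->d_type = 8;
    de->d_namlen = (uint16_t)len;
    de->d_reclen = (uint16_t)(offsetof(struct model_dirent, d_name) + len + 1);
    memcpy(de->d_name, name, len + 1);
    if (mode == FILL_NO_OFF)
        de->d_pad1 = de->d_pad0 = 0;       /* pads cleared, d_off never written */
    else
        de->d_off = next_off;              /* d_off set, pads written only by memset */
}

/* Header bytes that still differ between the two poisoned buffers were never
 * written, so in a kernel they would carry stale stack contents to userspace. */
static int leaked_header_bytes(enum fill_mode mode)
{
    struct model_dirent a, b;
    int leaked = 0;
    memset(&a, 0xAA, sizeof(a));           /* stand-in for stale stack data */
    memset(&b, 0x55, sizeof(b));
    fill_entry(&a, mode, "file.txt", 1);
    fill_entry(&b, mode, "file.txt", 1);
    for (size_t i = 0; i < offsetof(struct model_dirent, d_name); i++)
        leaked += ((unsigned char *)&a)[i] != ((unsigned char *)&b)[i];
    return leaked;
}
```

The same differential check can be used as a regression test for any code that copies a structure across a trust boundary.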



Solution(s)

freebsd-upgrade-base-11_4-release-p7
freebsd-upgrade-base-12_1-release-p13
freebsd-upgrade-base-12_2-release-p3