vulnerability

FreeBSD: VID-2830b374-debd-11ef-87ba-002590c1f29c (CVE-2025-0662): FreeBSD -- Uninitialized kernel memory disclosure via ktrace(2)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:L/Au:M/C:C/I:N/A:N)	Jan 30, 2025	Jan 31, 2025	Dec 10, 2025

Severity

CVSS

(AV:N/AC:L/Au:M/C:C/I:N/A:N)

Published

Jan 30, 2025

Added

Jan 31, 2025

Modified

Dec 10, 2025

Description

Problem Description: In some cases, the ktrace facility will log the contents of kernel structures to userspace. In one such case, ktrace dumps a variable-sized sockaddr to userspace. There, the full sockaddr is copied, even when it is shorter than the full size. This can result in up to 14 uninitialized bytes of kernel memory being copied out to userspace. Impact: It is possible for an unprivileged userspace program to leak 14 bytes of a kernel heap allocation to userspace.

Solution

freebsd-upgrade-base-14_2-release-p1

References

CVE-2025-0662
https://attackerkb.com/topics/CVE-2025-0662
CWE-122

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today