CVE-2019-5595

Published: Feb 12, 2019Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781), and 12.0-RELEASE-p3, kernel callee-save registers are not properly sanitized before return from system calls, potentially allowing some kernel data used in the system call to be exposed.

Affected (2)

Products: Freebsd: Freebsd

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Freebsd Freebsd	Version 11.2
Freebsd Freebsd	Version 12.0

Related CWEs

Incomplete Cleanup

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

References (3)

https://security.FreeBSD.org/advisories/FreeBSD-SA-19:01.syscall.asc

Source: secteam@freebsd.org

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/156624

Source: nvd@nist.gov

Third Party Advisory

https://security.FreeBSD.org/advisories/FreeBSD-SA-19:01.syscall.asc

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.