FreeBSD CVE-2018-6921 Local Information Disclosure

Authors:Ilja van Sprundel       Risk:High

CVE:CVE-2018-6921              0day:Information Disclosure  

0day -id:0DAY-176157            Date:2018-05-10

Description

In FreeBSD before 11.1-STABLE(r332066) and 11.1-RELEASE-p10, due to insufficient initialization of memory copied to userland in the network subsystem, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data.

Background

FreeBSD includes drivers for Atheros wireless interfaces, a TCP network

stack, and the ability to execute Linux binaries.

Problem Description

Due to insufficient initialization of memory copied to userland in the
components described above small amounts of kernel memory may be disclosed
to userland processes.

The disclosure in the Atheros wireless driver and Linux subsystem applies to
both FreeBSD 10.x and 11.x (CVE-2018-6920).

The disclosure in the TCP network stack was introduced in 11.0. As such,
only FreeBSD 11.x is affected by this issue (CVE-2018-6921).

Impact

A user who can access these drivers, use TCP sockets, or execute Linux
binaries may be able to read the contents of small portions of kernel memory.

Such memory might contain sensitive information, such as portions of the file
cache or terminal buffers. This information might be directly useful, or it
might be leveraged to obtain elevated privileges in some way; for example,
a terminal buffer might include a user-entered password.

Workaround

No workaround is available.

Solution

Perform one of the following:

1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.

Afterward, reboot the system.

2) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

Afterward, reboot the system.

3) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

Leave a Reply