The nand_ioctl function in sys/dev/nand/nand_geom.c in the nand driver in the kernel in FreeBSD 10 and earlier does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0106.html | Exploit Patch |
http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0106.html | Exploit Patch |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:59
Type | Values Removed | Values Added |
---|---|---|
References | () http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0106.html - Exploit, Patch |
Information
Published : 2013-11-21 04:40
Updated : 2024-11-21 01:59
NVD link : CVE-2013-6832
Mitre link : CVE-2013-6832
CVE.ORG link : CVE-2013-6832
JSON object : View
Products Affected
freebsd
- freebsd
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor