The qls_eioctl function in sys/dev/qlxge/qls_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0107.html | Exploit Patch |
http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0107.html | Exploit Patch |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:59
Type | Values Removed | Values Added |
---|---|---|
References | () http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0107.html - Exploit, Patch |
Information
Published : 2013-11-21 04:40
Updated : 2024-11-21 01:59
NVD link : CVE-2013-6833
Mitre link : CVE-2013-6833
CVE.ORG link : CVE-2013-6833
JSON object : View
Products Affected
freebsd
- freebsd
CWE
CWE-20
Improper Input Validation