CVE-2018-6921

{"id": "CVE-2018-6921", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2018-05-08T19:29:00.470", "references": [{"url": "http://www.securityfocus.com/bid/104118", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secteam@freebsd.org"}, {"url": "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:05.mem.asc", "tags": ["Vendor Advisory"], "source": "secteam@freebsd.org"}, {"url": "http://www.securityfocus.com/bid/104118", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:05.mem.asc", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "In FreeBSD before 11.1-STABLE(r332066) and 11.1-RELEASE-p10, due to insufficient initialization of memory copied to userland in the network subsystem, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data."}, {"lang": "es", "value": "En FreeBSD, en versiones anteriores a la 11.1-STABLE(r332066) and 11.1-RELEASE-p10, debido a la insuficiente inicializaci\u00f3n de la memoria copiada en userland en el subsistema de Linux, peque\u00f1as cantidades de la memoria del kernel pueden divulgarse a los procesos de userland. Los usuarios locales sin privilegios autenticados podr\u00edan ser capaces de acceder a peque\u00f1as cantidades de datos privilegiados del kernel."}], "lastModified": "2024-11-21T04:11:25.650", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "702C5136-33B6-4F0F-8FF7-C2BE3668DE70", "versionEndExcluding": "11.1", "versionStartIncluding": "11.0"}], "operator": "OR"}]}], "sourceIdentifier": "secteam@freebsd.org"}