CVE-2019-5595

{"id": "CVE-2019-5595", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2019-02-12T05:29:00.757", "references": [{"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:01.syscall.asc", "tags": ["Patch", "Vendor Advisory"], "source": "secteam@freebsd.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156624", "tags": ["Third Party Advisory"], "source": "nvd@nist.gov"}, {"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:01.syscall.asc", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-459"}]}], "descriptions": [{"lang": "en", "value": "In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781), and 12.0-RELEASE-p3, kernel callee-save registers are not properly sanitized before return from system calls, potentially allowing some kernel data used in the system call to be exposed."}, {"lang": "es", "value": "En FreeBSD, en versiones anteriores a la 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781) y 12.0-RELEASE-p3, los registros callee-save del kernel no se sanean correctamente antes de volver de las llamadas del sistema, lo que podr\u00eda permitir que se expongan algunos datos del kernel empleados en la llamada del sistema."}], "lastModified": "2024-11-21T04:45:12.020", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:freebsd:freebsd:11.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B67A5F4F-218A-4FF6-8D56-59AF47297545"}, {"criteria": "cpe:2.3:a:freebsd:freebsd:12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBEF2C42-0893-4F37-ADFA-F6355ADE4F3D"}], "operator": "OR"}]}], "sourceIdentifier": "secteam@freebsd.org"}