FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- kernel stack data disclosure

Affected packages
12.1 <= FreeBSD-kernel < 12.1_2
12.0 <= FreeBSD-kernel < 12.0_13
11.3 <= FreeBSD-kernel < 11.3_6

Details

VuXML ID 6025d173-4279-11ea-b184-f8b156ac3ff9
Discovery 2020-01-28
Entry 2020-01-29

Problem Description:

Due to incorrect initialization of a stack data structure, up to 20 bytes of kernel data stored previously stored on the stack will be exposed to a crashing user process.

Impact:

Sensitive kernel data may be disclosed.

References

CVE Name CVE-2019-15875
FreeBSD Advisory SA-20:03.thrmisc