FreeBSD -- System call kernel data register leak

Affected packages
12.0 <= FreeBSD-kernel < 12.0_3
11.2 <= FreeBSD-kernel < 11.2_9


VuXML ID 683c714d-2d91-11e9-bf3e-a4badb2f4699
Discovery 2019-02-05
Entry 2019-02-11

Problem Description:

The callee-save registers are used by the kernel, and for some of them (%r8, %r10, and, for non-PTI configurations, %r9) the content is not sanitized before return from syscalls, potentially leaking sensitive information.


Typically, an address of some kernel data structure used in the syscall implementation is exposed.


CVE Name CVE-2019-5595
FreeBSD Advisory SA-19:01.syscall
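
To check a host against the affected ranges listed above, here is an added example (not part of the VuXML entry or the FreeBSD advisory). It assumes the version string has the form printed by `freebsd-version -k` and that the `_N` suffix in the ranges corresponds to the `-pN` patch level; the function name `kernel_status` is hypothetical.

```shell
#!/bin/sh
# Added example: classify a FreeBSD kernel version string against the
# ranges in this entry (12.0 before patch level 3, 11.2 before patch level 9).
# Assumed input format: output of `freebsd-version -k`, e.g. 12.0-RELEASE-p2.

# kernel_status VERSION -> prints affected | patched | not-listed | unknown
kernel_status() {
    ver=$1
    # Only RELEASE builds carry a patch level that can be compared;
    # STABLE/CURRENT and malformed strings are reported as unknown.
    case $ver in
        *-RELEASE)    patch=0 ;;              # no -pN suffix: patch level 0
        *-RELEASE-p*) patch=${ver##*-p} ;;    # "2" from "12.0-RELEASE-p2"
        *)            echo "unknown"; return 0 ;;
    esac
    case $patch in
        ''|*[!0-9]*)  echo "unknown"; return 0 ;;
    esac
    release=${ver%%-*}                        # "12.0" from "12.0-RELEASE-p2"
    case $release in
        12.0) fixed=3 ;;                      # 12.0 <= kernel < 12.0_3
        11.2) fixed=9 ;;                      # 11.2 <= kernel < 11.2_9
        *)    echo "not-listed"; return 0 ;;  # release not named in this entry
    esac
    if [ "$patch" -lt "$fixed" ]; then
        echo "affected"
    else
        echo "patched"
    fi
}

# Constructed sample inputs, not taken from a real host.
for v in 12.0-RELEASE 12.0-RELEASE-p2 12.0-RELEASE-p3 \
         11.2-RELEASE-p8 11.2-RELEASE-p9 11.1-RELEASE-p15 12.0-STABLE; do
    printf '%s\t%s\n' "$v" "$(kernel_status "$v")"
done
```

On a FreeBSD host, call it as `kernel_status "$(freebsd-version -k)"`; a result of `not-listed` only means the release is outside the two ranges named in this entry.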