FreeBSD Ktrace Uninitialized Memory Disclosure Vulnerability

Vulnerability

A vulnerability in the ktrace facility of FreeBSD 14.2 has been identified that allows unprivileged userspace programs to leak up to 14 bytes of uninitialized kernel heap memory to userspace. It occurs because ktrace mishandles variable-sized sockaddr structures: it copies the full structure size even when the actual data is shorter, which exposes the unused bytes of kernel memory.
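The copy pattern described above, shown as a user-space model next to a hardened form. This is an added example, not FreeBSD kernel code or the advisory's patch. `struct model_sockaddr`, the 0xA5 stale marker and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xA5u /* constructed marker standing in for leftover heap contents */

/* Hypothetical stand-in for a variable-sized socket address: 2 header bytes
 * plus up to 14 data bytes; `len` says how many bytes are actually valid. */
struct model_sockaddr {
    uint8_t len;
    uint8_t family;
    uint8_t data[14];
};

/* Flawed pattern: the trace record always receives the full structure size. */
static void record_flawed(uint8_t *rec, const struct model_sockaddr *sa)
{
    memcpy(rec, sa, sizeof(*sa));
}

/* Hardened pattern: clamp the claimed length, copy only valid bytes, zero the rest. */
static void record_hardened(uint8_t *rec, const struct model_sockaddr *sa)
{
    size_t n = sa->len;
    if (n > sizeof(*sa))
        n = sizeof(*sa);
    memset(rec, 0, sizeof(*sa));
    memcpy(rec, sa, n);
}

/* Place an address with `valid_len` meaningful bytes in a non-zeroed buffer,
 * emit a trace record, and count the stale bytes that reached the record. */
size_t stale_bytes_exposed(int hardened, uint8_t valid_len)
{
    struct model_sockaddr sa;
    uint8_t rec[sizeof(sa)];
    size_t i, leaked = 0;

    if (valid_len > sizeof(sa))
        valid_len = sizeof(sa);
    memset(&sa, STALE, sizeof(sa)); /* models an allocation that was not zeroed */
    memset(&sa, 0x01, valid_len);   /* only the valid prefix is ever written */
    sa.len = valid_len;
    if (hardened) record_hardened(rec, &sa); else record_flawed(rec, &sa);
    for (i = 0; i < sizeof(rec); i++)
        leaked += (rec[i] == STALE);
    return leaked;
}

int main(void) { printf("%zu %zu\n", stale_bytes_exposed(0, 2), stale_bytes_exposed(1, 2)); return 0; }
```

With only the two header bytes valid, the flawed copy carries all 14 remaining bytes into the record, which matches the upper bound stated above.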

Impact

Exploitation of this vulnerability results in the unauthorized disclosure of sensitive information from kernel memory to userspace.

Remediation

Users can upgrade to FreeBSD 14.2-RELEASE-p1 or apply a source code patch available from the FreeBSD Security Advisory FreeBSD-SA-25:04.ktrace.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 5.4
impact: 0.6
exploitability: 4.7
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.