The qls_eioctl function in sys/dev/qlxge/qls_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0107.html | Exploit Patch |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2013-11-21 04:40
Updated : 2024-02-04 18:16
NVD link : CVE-2013-6833
Mitre link : CVE-2013-6833
CVE.ORG link : CVE-2013-6833
JSON object : View
Products Affected
freebsd
- freebsd
CWE
CWE-20
Improper Input Validation