{"id":"CVE-2017-1088","details":"In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack is possible. As a result, some bytes from the kernel stack can be observed in userspace.","modified":"2024-06-04T05:04:55.276433Z","published":"2017-11-16T20:29:00Z","withdrawn":"2024-06-30T16:00:04.304923Z","references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/101857"},{"type":"WEB","url":"http://www.securitytracker.com/id/1039811"},{"type":"ADVISORY","url":"https://www.freebsd.org/security/advisories/FreeBSD-SA-17:10.kldstat.asc"}],"affected":[{"package":{"name":"kfreebsd-10","ecosystem":"Debian:10","purl":"pkg:deb/debian/kfreebsd-10?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["10.3~svn300087+ds1-1","10.3~svn300087-5","10.3~svn300087-6"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1088.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}