{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0662", "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "state": "PUBLISHED", "assignerShortName": "freebsd", "dateReserved": "2025-01-23T01:56:01.677Z", "datePublished": "2025-01-30T04:49:56.482Z", "dateUpdated": "2025-02-07T17:02:55.076Z"}, "containers": {"cna": {"datePublic": "2025-01-29T21:33:19.000Z", "title": "Uninitialized kernel memory disclosure via ktrace(2)", "references": [{"tags": ["vendor-advisory"], "url": "https://security.freebsd.org/advisories/FreeBSD-SA-25:04.ktrace.asc"}], "affected": [{"defaultStatus": "unknown", "modules": ["ktrace"], "product": "FreeBSD", "vendor": "FreeBSD", "versions": [{"lessThan": "p1", "status": "affected", "version": "14.2-RELEASE", "versionType": "release"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Yichen Chai"}, {"lang": "en", "type": "finder", "value": "Zhuo Ying Jiang Li"}], "descriptions": [{"lang": "en", "value": "In some cases, the ktrace facility will log the contents of kernel structures to userspace. In one such case, ktrace dumps a variable-sized sockaddr to userspace. There, the full sockaddr is copied, even when it is shorter than the full size. This can result in up to 14 uninitialized bytes of kernel memory being copied out to userspace.\n\nIt is possible for an unprivileged userspace program to leak 14 bytes of a kernel heap allocation to userspace."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd", "dateUpdated": "2025-01-30T04:49:56.482Z"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-01-30T15:20:56.339386Z", "id": "CVE-2025-0662", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-31T20:00:09.502Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20250207-0006/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-02-07T17:02:55.076Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-0662", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-30T15:20:56.339386Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-30T15:20:18.729Z"}}], "cna": {"title": "Uninitialized kernel memory disclosure via ktrace(2)", "credits": [{"lang": "en", "type": "finder", "value": "Yichen Chai"}, {"lang": "en", "type": "finder", "value": "Zhuo Ying Jiang Li"}], "affected": [{"vendor": "FreeBSD", "modules": ["ktrace"], "product": "FreeBSD", "versions": [{"status": "affected", "version": "14.2-RELEASE", "lessThan": "p1", "versionType": "release"}], "defaultStatus": "unknown"}], "datePublic": "2025-01-29T21:33:19.000Z", "references": [{"url": "https://security.freebsd.org/advisories/FreeBSD-SA-25:04.ktrace.asc", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "In some cases, the ktrace facility will log the contents of kernel structures to userspace. In one such case, ktrace dumps a variable-sized sockaddr to userspace. There, the full sockaddr is copied, even when it is shorter than the full size. This can result in up to 14 uninitialized bytes of kernel memory being copied out to userspace.\n\nIt is possible for an unprivileged userspace program to leak 14 bytes of a kernel heap allocation to userspace."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd", "dateUpdated": "2025-01-30T04:49:56.482Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0662", "state": "PUBLISHED", "dateUpdated": "2025-01-31T20:00:09.502Z", "dateReserved": "2025-01-23T01:56:01.677Z", "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "datePublished": "2025-01-30T04:49:56.482Z", "assignerShortName": "freebsd"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In some cases, the ktrace facility will log the contents of kernel structures to userspace. In one such case, ktrace dumps a variable-sized sockaddr to userspace. There, the full sockaddr is copied, even when it is shorter than the full size. This can result in up to 14 uninitialized bytes of kernel memory being copied out to userspace.\n\nIt is possible for an unprivileged userspace program to leak 14 bytes of a kernel heap allocation to userspace."}, {"lang": "es", "value": "En algunos casos, la funci\u00f3n ktrace registra el contenido de las estructuras del n\u00facleo en el espacio de usuario. En uno de esos casos, ktrace env\u00eda una direcci\u00f3n sockaddr de tama\u00f1o variable al espacio de usuario. All\u00ed, se copia la direcci\u00f3n sockaddr completa, incluso cuando es m\u00e1s corta que el tama\u00f1o completo. Esto puede provocar que se copien al espacio de usuario hasta 14 bytes no inicializados de memoria del n\u00facleo. Es posible que un programa de espacio de usuario sin privilegios filtre 14 bytes de una asignaci\u00f3n de mont\u00f3n del n\u00facleo al espacio de usuario."}], "id": "CVE-2025-0662", "lastModified": "2025-02-07T17:15:31.157", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-01-30T05:15:10.653", "references": [{"source": "secteam@freebsd.org", "url": "https://security.freebsd.org/advisories/FreeBSD-SA-25:04.ktrace.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20250207-0006/"}], "sourceIdentifier": "secteam@freebsd.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "secteam@freebsd.org", "type": "Secondary"}]}

{}