3.3

CVE-2024-25941

The jail(2) system call has not limited a visiblity of allocated TTYs (the kern.ttys sysctl).  This gives rise to an information leak about processes outside the current jail.

Attacker can get information about TTYs allocated on the host or in other jails.  Effectively, the information printed by "pstat -t" may be leaked.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users.
Data is provided by the National Vulnerability Database (NVD)
FreebsdFreebsd Version < 13.2
FreebsdFreebsd Version13.2 Updatep1
FreebsdFreebsd Version13.2 Updatep2
FreebsdFreebsd Version13.2 Updatep3
FreebsdFreebsd Version13.2 Updatep4
FreebsdFreebsd Version13.2 Updatep5
FreebsdFreebsd Version13.2 Updatep6
FreebsdFreebsd Version13.2 Updatep7
FreebsdFreebsd Version13.2 Updatep8
FreebsdFreebsd Version13.2 Updatep9
FreebsdFreebsd Version14.0 Updatebeta5
FreebsdFreebsd Version14.0 Updatep1
FreebsdFreebsd Version14.0 Updatep2
FreebsdFreebsd Version14.0 Updatep3
FreebsdFreebsd Version14.0 Updatep4
FreebsdFreebsd Version14.0 Updaterc3
FreebsdFreebsd Version14.0 Updaterc4-p1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.12% 0.322
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0 3.3 1.8 1.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N