Kernel Memory Leak in FreeBSD ktrace Facility
CVE-2025-0662

4.9 MEDIUM

Key Information:

Vendor: FreeBSD

Status
Vendor
CVE Published: 30 January 2025

What is CVE-2025-0662?

The ktrace facility in FreeBSD has a kernel memory disclosure vulnerability that allows unprivileged userspace programs to read kernel memory contents. ktrace logs the contents of kernel structures and, in certain scenarios, dumps a variable-sized sockaddr to userspace. In doing so it can copy up to 14 uninitialized bytes of kernel heap memory to userspace, potentially giving attackers insight into sensitive memory contents.
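The bug class described above, as an added userspace model (not the FreeBSD kernel code or its patch): a heap-allocated generic sockaddr has only its 2 header bytes filled in, yet the full 16-byte structure is copied out, so 14 stale bytes travel with it. The names `model_sockaddr`, `stale_alloc`, `trace_record` and `count_stale` and the `0xA5` marker are hypothetical, constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STALE 0xA5 /* constructed marker standing in for old heap contents */

/* Generic BSD-style socket address: 2 header bytes + 14 data bytes. */
struct model_sockaddr {
    uint8_t sa_len;      /* number of bytes that are actually valid */
    uint8_t sa_family;
    char    sa_data[14];
};

/* Hypothetical allocator returning memory that still holds stale data,
 * as a heap allocation made without a zeroing flag can. */
static void *stale_alloc(size_t n) {
    void *p = malloc(n);
    if (p != NULL) memset(p, STALE, n);
    return p;
}

/* Builds a header-only address and copies the full-size struct into the
 * trace record. zero_first = 0 models the leak, 1 the hardened form. */
static size_t trace_record(uint8_t family, int zero_first, uint8_t *out) {
    struct model_sockaddr *sa = stale_alloc(sizeof(*sa));
    if (sa == NULL) return 0;
    if (zero_first) memset(sa, 0, sizeof(*sa)); /* the hardening step */
    sa->sa_len = 2;                /* only the two header bytes are valid */
    sa->sa_family = family;
    memcpy(out, sa, sizeof(*sa));  /* full-size copy-out to the record */
    free(sa);
    return sizeof(*sa);
}

/* Counts stale bytes that reached the record handed to "userspace". */
static size_t count_stale(const uint8_t *rec, size_t n) {
    size_t hits = 0;
    for (size_t i = 0; i < n; i++) hits += (rec[i] == STALE);
    return hits;
}

int main(void) {
    uint8_t rec[sizeof(struct model_sockaddr)];
    size_t n = trace_record(1, 0, rec);
    printf("without zeroing: %zu stale bytes\n", count_stale(rec, n));
    n = trace_record(1, 1, rec);
    printf("with zeroing:    %zu stale bytes\n", count_stale(rec, n));
    return 0;
}
```

Copying only `sa_len` bytes instead of `sizeof` the structure is an equivalent way to close the same gap.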

Affected Version(s)

FreeBSD 14.2-RELEASE

CVSS V3.1

Score: 4.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Yichen Chai
Zhuo Ying Jiang Li