Kernel Memory Leak in FreeBSD ktrace Facility
CVE-2025-0662

4.9MEDIUM

Key Information:

Vendor: FreeBSD
Status: FreeBSD
Vendor: CVE Published:; 30 January 2025

What is CVE-2025-0662?

The ktrace facility in FreeBSD has a memory leak vulnerability that allows unprivileged userspace programs to expose kernel memory details. Specifically, it logs the contents of kernel structures and, in certain scenarios, dumps a variable-sized sockaddr to userspace. This leads to the unintended copying of up to 14 uninitialized bytes of kernel heap memory to userspace, potentially allowing attackers to gain insights into sensitive memory contents.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

FreeBSD 14.2-RELEASE

References

https://security.freebsd.org/advisories/FreeBSD-SA-25:04....

vendor-advisory

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 30, 2025
Vulnerability Reserved
Jan 23, 2025

Credit

Yichen Chai

Zhuo Ying Jiang Li

JSON

FreeBSD

What is CVE-2025-0662?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.