VYPR
← All advisories
Low severity3.3NVD Advisory· Published Nov 16, 2017· Updated May 13, 2026

CVE-2017-1088

CVE-2017-1088

Description

FreeBSD kernel fails to clear kld_file_stat structure, leaking kernel stack bytes to userspace via kldstat(2) syscall.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

FreeBSD kernel fails to clear kld_file_stat structure, leaking kernel stack bytes to userspace via kldstat(2) syscall.

Vulnerability

The kldstat(2) syscall in FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 does not zero the kld_file_stat structure allocated on the kernel stack before copying it to userspace. This results in an information leak where uninitialized kernel stack bytes are exposed to userland processes. [1]

Exploitation

An attacker with the ability to invoke the kldstat(2) syscall (i.e., any user with appropriate permissions) can trigger the leak. No special privileges or user interaction beyond executing the syscall are required. The attacker reads the returned structure to observe residual kernel stack data. [1]

Impact

A local attacker can obtain sensitive kernel stack contents, potentially revealing information such as addresses or other data that could aid in further exploitation. The leak is limited to the size of the kld_file_stat structure and depends on what data resides on the stack at the time of the syscall. [1]

Mitigation

FreeBSD has released patches for all supported versions: 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24. No workaround is available. Users should upgrade to the patched versions. [1]

References
  1. https://www.freebsd.org/security/advisories/FreeBSD-SA-17:10.kldstat.asc

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4
  • FreeBSD/FreeBSD3 versions
    cpe:2.3:o:freebsd:freebsd:-:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:freebsd:freebsd:-:*:*:*:*:*:*:*
    • (no CPE)range: <11.1-STABLE, <11.1-RELEASE-p4, <11.0-RELEASE-p15, <10.4-STABLE, <10.4-RELEASE-p3, <10.3-RELEASE-p24
    • (no CPE)range: All supported versions of FreeBSD
  • osv-coords
    pkg:deb/debian/kfreebsd-10?arch=source
    Range: >= 0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.