Home / mailings FreeBSD Security Advisory FreeBSD-SA-25:04.ktrace
Posted on 29 January 2025
FreeBSD security notificat=============================================================================FreeBSD-SA-25:04.ktrace Security Advisory
The FreeBSD Project
Topic: Uninitialized kernel memory disclosure via ktrace(2)
Category: core
Module: ktrace
Announced: 2025-01-29
Credits: Yichen Chai and Zhuo Ying Jiang Li
Affects: FreeBSD 14.2
Corrected: 2025-01-20 22:09:53 UTC (stable/14, 14.2-STABLE)
2025-01-29 18:54:50 UTC (releng/14.2, 14.2-RELEASE-p1)
CVE Name: CVE-2025-0662
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
The ktrace utility enables kernel trace logging for the specified
processes, commonly used for diagnostic or debugging purposes. The
kernel operations that are traced include system calls, namei
translations, signal processing, and I/O as well as data associated with
these operations.
II. Problem Description
In some cases, the ktrace facility will log the contents of kernel
structures to userspace. In one such case, ktrace dumps a
variable-sized sockaddr to userspace. There, the full sockaddr is
copied, even when it is shorter than the full size. This can result in
up to 14 uninitialized bytes of kernel memory being copied out to
userspace.
III. Impact
It is possible for an unprivileged userspace program to leak 14 bytes of
a kernel heap allocation to userspace.
IV. Workaround
No workaround is available.
V. Solution
<insert solution here>
Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
Perform one of the following:
1) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
utility:
# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for a security update"
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/SA-25:04/ktrace.patch
# fetch https://security.FreeBSD.org/patches/SA-25:04/ktrace.patch.asc
# gpg --verify ktrace.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
This issue is corrected as of the corresponding Git commit hash in the
following stable and release branches:
Branch/path Hash Revision
- -------------------------------------------------------------------------
stable/14/ 99d5ee8738a3 stable/14-n270190
releng/14.2/ 10f8a9df522f releng/14.2-n269507
- -------------------------------------------------------------------------
Run the following command to see which files were modified by a
particular commit:
# git show --stat <commit hash>
Or visit the following URL, replacing NNNNNN with the hash:
<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:
# git rev-list --count --first-parent HEAD
VII. References
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0662>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-25:04.ktrace.asc>
