
CVE-2024-25941: jail(2) information leak

Description

The jail(2) system call has not limited the visibility of allocated TTYs (the kern.ttys sysctl). This gives rise to an information leak about processes outside the current jail.

An attacker can get information about TTYs allocated on the host or in other jails. Effectively, the information printed by "pstat -t" may be leaked.

Classification

CVE ID: CVE-2024-25941

Affected Products

Vendor: FreeBSD

Product: FreeBSD

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.98% (share of scored CVEs with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-14 (date this score was calculated)

References

https://security.freebsd.org/advisories/FreeBSD-SA-24:02.tty.asc
https://security.netapp.com/advisory/ntap-20240510-0003/

Timeline