Home > Vulnerability Database > CVE-2024-25941

Mend.io Vulnerability Database

CVE-2024-25941

Good to know:

Date: February 15, 2024

The jail(2) system call has not limited a visiblity of allocated TTYs (the kern.ttys sysctl). This gives rise to an information leak about processes outside the current jail. Attacker can get information about TTYs allocated on the host or in other jails. Effectively, the information printed by "pstat -t" may be leaked.

Language: C

Severity Score

6.2

Related Resources (3)

Url: https://security.freebsd.org/advisories/FreeBSD-SA-24:02.tty.asc

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-25941

Url: https://www.mend.io/vulnerability-database/CVE-2024-25941

Severity Score

6.2

Top Fix

Upgrade Version

Upgrade to version f1d0a0cbecf2c688061f35adea85bfb29c9ec893

Learn More

CVSS v3.1

Base Score:	6.2
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-25941

Good to know:

Date: February 15, 2024

Language: C

Severity Score

Related Resources (3)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?