Home > Vulnerability Database > CVE-2024-25941

Mend.io Vulnerability Database

CVE-2024-25941

Date: February 14, 2024

The jail(2) system call has not limited a visiblity of allocated TTYs (the kern.ttys sysctl). This gives rise to an information leak about processes outside the current jail. Attacker can get information about TTYs allocated on the host or in other jails. Effectively, the information printed by "pstat -t" may be leaked.

Language: C

Severity Score

3.3

Related Resources (4)

Url: https://security.freebsd.org/advisories/FreeBSD-SA-24:02.tty.asc

Url: https://security.netapp.com/advisory/ntap-20240510-0003/

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-25941

Url: https://www.mend.io/vulnerability-database/CVE-2024-25941

Severity Score

3.3

CVSS v3.1

Base Score:	3.3
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-25941

Date: February 14, 2024

Language: C

Severity Score

Related Resources (4)

Severity Score

CVSS v3.1

Do you need more information?