ASA-2019-00044 – FreeBSD: System call kernel data register leak


Allele Security Alert

ASA-2019-00044

Identifier(s)

ASA-2019-00044, CVE-2019-5595, FreeBSD-SA-19:01.syscall

Title

System call kernel data register leak

Vendor(s)

The FreeBSD Project

Product(s)

FreeBSD

Affected version(s)

All supported versions of FreeBSD

Fixed version(s)

2019-02-05 17:52:06 UTC (stable/12, 12.0-STABLE)
2019-02-05 18:05:05 UTC (releng/12.0, 12.0-RELEASE-p3)
2019-02-05 17:54:02 UTC (stable/11, 11.2-STABLE)
2019-02-05 18:07:45 UTC (releng/11.2, 11.2-RELEASE-p9)

Proof of concept

Unknown

Description

The callee-save registers are used by the kernel, and for some of them (%r8, %r10, and, for non-PTI configurations, %r9) the content is not sanitized before returning from syscalls, potentially leaking sensitive information.

Technical details

Unknown

Credits

Konstantin Belousov

Reference(s)

FreeBSD-SA-19:01.syscall
https://www.freebsd.org/security/advisories/FreeBSD-SA-19:01.syscall.asc

FreeBSD Security Advisory FreeBSD-SA-19:01.syscall
https://seclists.org/bugtraq/2019/Feb/11

syscall.patch
https://security.FreeBSD.org/patches/SA-19:01/syscall.patch

syscall.11.2.patch
https://security.FreeBSD.org/patches/SA-19:01/syscall.11.2.patch

CVE-2019-5595
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5595

CVE-2019-5595
https://nvd.nist.gov/vuln/detail/CVE-2019-5595

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: October 10, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.