NULL Pointer Dereference Vulnerability in FreeBSD getfsstat System Call

CVE-2018-17154 · MEDIUM Severity

AV:L/AC:L/AU:N/C:N/I:N/A:C

In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and 11.1-RELEASE-p15, due to insufficient memory checking in the freebsd4_getfsstat system call, a NULL pointer dereference can occur. Unprivileged authenticated local users may be able to cause a denial of service.

Learn more about our User Device Pen Test.