CVE-2025-0662 identifies a vulnerability in FreeBSD’s ktrace facility, which is used for tracing kernel and user programs. In certain scenarios, ktrace logs variable-sized sockaddr structures to userspace. When the actual sockaddr is shorter than its full size, the entire structure is still copied, resulting in up to 14 bytes of uninitialized kernel memory being exposed to userspace. This exposure allows an unprivileged userspace program to access portions of kernel heap memory, potentially leading to information disclosure.
Affected versions of FreeBSD include:
- 14.2-RELEASE before p1
Patches have been released to mitigate the vulnerability, and users are advised to update their systems promptly to avoid exploitation.
See more details on: