Home > Vulnerability Database > CVE-2025-0662

Mend.io Vulnerability Database

CVE-2025-0662

Date: January 29, 2025

In some cases, the ktrace facility will log the contents of kernel structures to userspace. In one such case, ktrace dumps a variable-sized sockaddr to userspace. There, the full sockaddr is copied, even when it is shorter than the full size. This can result in up to 14 uninitialized bytes of kernel memory being copied out to userspace. It is possible for an unprivileged userspace program to leak 14 bytes of a kernel heap allocation to userspace.

Severity Score

4.9

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-0662

Url: https://security.netapp.com/advisory/ntap-20250207-0006/

Url: https://security.freebsd.org/advisories/FreeBSD-SA-25:04.ktrace.asc

Url: https://www.mend.io/vulnerability-database/CVE-2025-0662

Severity Score

4.9

Weakness Type (CWE)

Heap-based Buffer Overflow

CWE-122

CVSS v3.1

Base Score:	4.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-0662

Date: January 29, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?