VULHUB ™

Multiple vulnerabilities have been reported in the sysctl system call for NetBSD systems. A kernel panic could be the result of some sysctl nodes attempting to dereference a NULL pointer. This could potentially be triggered by a local user. If the process ID of a zombie process is passed to the system call, this would cause invalid process information to be dereferenced, also resulting in a kernel panic. Some sysctl nodes do not implement sufficient range checking, potentially allowing kernel memory to be read. This issue may be similar to the vulnerability described in BID 2364, which affects the Linux kernel. It is not known if other BSD derivatives are similarly affected by these issues.

Multiple vulnerabilities have been reported in the sysctl system call for NetBSD systems. A kernel panic could be the result of some sysctl nodes attempting to dereference a NULL pointer. This could potentially be triggered by a local user. If the process ID of a zombie process is passed to the system call, this would cause invalid process information to be dereferenced, also resulting in a kernel panic. Some sysctl nodes do not implement sufficient range checking, potentially allowing kernel memory to be read. This issue may be similar to the vulnerability described in BID 2364, which affects the Linux kernel. It is not known if other BSD derivatives are similarly affected by these issues.