FreeBSD < 10 qls_eioctl function Unauthorized Disclosure of Information
Medium Nessus Plugin ID 110560
Synopsis: The remote FreeBSD host is missing a security-related update.
Description: The qls_eioctl function in sys/dev/qlxge/qls_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call.
Solution: Upgrade to FreeBSD version 10 or later.