Problem Description:
Some function pointers for netgraph and bluetooth sockets are
not properly initialized.
Impact:
A local user can cause the FreeBSD kernel to execute
arbitrary code. This could be used by an attacker directly;
or it could be used to gain root privilege or to escape from
a jail.
Workaround:
No workaround is available, but systems without local
untrusted users are not vulnerable. Furthermore, systems are
not vulnerable if they have neither the ng_socket nor
ng_bluetooth kernel modules loaded or compiled into the
kernel.
Systems with the security.jail.socket_unixiproute_only
sysctl set to 1 (the default) are only vulnerable if they have
local untrusted users outside of jails.
If the command
# kldstat -v | grep ng_
produces no output, the system is not vulnerable.