An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller.
A malicious, privileged software running in a guest VM can exploit the vulnerability to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process.
Metrics
Affected Vendors & Products
References
History
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Thu, 05 Sep 2024 21:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:o:freebsd:freebsd:13.3:-:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:13.3:p1:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:13.3:p2:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:13.3:p3:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:13.3:p4:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:13.3:p5:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:13.4:beta3:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:-:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:beta5:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:p1:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:p2:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:p3:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:p4:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:p5:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:p6:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:p7:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:p8:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:p9:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:rc3:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.1:-:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.1:p1:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.1:p2:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.1:p3:*:*:*:*:*:* |
Thu, 05 Sep 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Freebsd
Freebsd freebsd |
|
CPEs | cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:* | |
Vendors & Products |
Freebsd
Freebsd freebsd |
|
Metrics |
cvssV3_1
|
Thu, 05 Sep 2024 05:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller. A malicious, privileged software running in a guest VM can exploit the vulnerability to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. | |
Title | bhyve(8) privileged guest escape via USB controller | |
Weaknesses | CWE-193 CWE-787 |
|
References |
|
MITRE
Status: PUBLISHED
Assigner: freebsd
Published: 2024-09-05T04:42:25.457Z
Updated: 2024-09-20T16:03:06.718Z
Reserved: 2024-08-27T16:30:56.016Z
Link: CVE-2024-32668
Vulnrichment
Updated: 2024-09-20T16:03:06.718Z
NVD
Status : Modified
Published: 2024-09-05T05:15:13.433
Modified: 2024-11-21T09:15:25.913
Link: CVE-2024-32668
Redhat
No data.