Products
bhyve
Source
secteam@freebsd.org
Tags
CVE-2024-41928 details
Published : Sept. 5, 2024, 4:15 a.m.
Last Modified : Sept. 5, 2024, 12:53 p.m.
Last Modified : Sept. 5, 2024, 12:53 p.m.
Description
Malicious software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-125 | Out-of-bounds Read | The product reads data past the end, or before the beginning, of the intended buffer. |
References
| URL | Source |
|---|---|
| https://security.freebsd.org/advisories/FreeBSD-SA-24:10.bhyve.asc | secteam@freebsd.org |
This website uses the NVD API, but is not approved or certified by it.