CVE-2024-32668 bhyve(8) privileged guest escape via USB controller

🗓️ 05 Sep 2024 04:42:25Reported by freebsdType

Insufficient boundary validation in bhyve(8) USB controller, allowing privileged guest escap

Reporter	Title	Published	Views	Family All 11
FreeBSD	FreeBSD -- bhyve(8) privileged guest escape via USB controller	4 Sep 202400:00	–	freebsd
BDU FSTEC	The vulnerability of the hypervisor in FreeBSD operating systems allows a hacker to execute arbitrary code.	26 Nov 202400:00	–	bdu_fstec
Circl	CVE-2024-32668	5 Sep 202407:59	–	circl
CNNVD	FreeBSD 缓冲区错误漏洞	5 Sep 202400:00	–	cnnvd
CVE	CVE-2024-32668	5 Sep 202404:42	–	cve
FreeBSD Advisory	FreeBSD-SA-24:12.bhyve	4 Sep 202400:00	–	freebsd_advisory
Tenable Nessus	FreeBSD : FreeBSD -- bhyve(8) privileged guest escape via USB controller (4edaa9f4-6b51-11ef-9a62-002590c1f29c)	6 Sep 202400:00	–	nessus
NVD	CVE-2024-32668	5 Sep 202405:15	–	nvd
OSV	CVE-2024-32668	5 Sep 202405:15	–	osv
Positive Technologies	PT-2024-8702 · Bhyve +1 · Bhyve +1	27 Aug 202400:00	–	ptsecurity

[
  {
    "defaultStatus": "unknown",
    "modules": [
      "bhyve"
    ],
    "product": "FreeBSD",
    "vendor": "FreeBSD",
    "versions": [
      {
        "lessThan": "p4",
        "status": "affected",
        "version": "14.1-RELEASE",
        "versionType": "release"
      },
      {
        "lessThan": "p10",
        "status": "affected",
        "version": "14.0-RELEASE",
        "versionType": "release"
      },
      {
        "lessThan": "p6",
        "status": "affected",
        "version": "13.3-RELEASE",
        "versionType": "release"
      }
    ]
  }
]

Source	Link
security	www.security.freebsd.org/advisories/FreeBSD-SA-24:12.bhyve.asc

05 Sep 2024 04:42Current

EPSS0.00112

cve-2024-32668 bhyve(8)usb controller guest escape code execution root access capsicum sandbox