CVE-2024-45063 Multiple issues in ctl(4) CAM Target Layer

The function ctlwritebuffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing. Malicious software running in a guest VM that exposes virtioscsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process,...

CVE-2022-23092

The implementation of lib9p's handling of RWALK messages was missing a bounds check needed when unpacking the message contents. The missing check means that the receipt of a specially crafted message will cause lib9p to overwrite unrelated memory. The bug can be triggered by a malicious bhyve gue...

The vulnerability of the FreeBSD operating systems arises from insufficient validation of input data, allowing attackers to overwrite memory on the bhyve host or execute arbitrary code under the control of the root user.

The vulnerability of the FreeBSD operating systems exists due to insufficient checking of input data. Exploiting this vulnerability allows a malicious actor to remotely rewrite memory on the bhyve host or execute arbitrary code under the identity of the root user...

FreeBSD -- Insufficient validation of guest-supplied data (e1000 device)

Problem Description: The e1000 network adapters permit a variety of modifications to an Ethernet packet when it is being transmitted. These include the insertion of IP and TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation offload "TSO". The e1000 device model uses an...