CVE-2024-51566 bhyve(8) NVMe driver to guest-induced infinite loops.

The NVMe driver queue processing is vulernable to guest-induced infinite loops...

CVE-2024-51566 bhyve(8) NVMe driver to guest-induced infinite loops.

The NVMe driver queue processing is vulernable to guest-induced infinite loops...

CVE-2024-51565 bhyve(8) hda driver buffer over-read

The hda driver is vulnerable to a buffer over-read from a guest-controlled value...

CVE-2024-51565

The CVE-2024-51565 entry corresponds to a vulnerability in the bhyve hypervisor’s hda driver, described as a buffer over-read triggered by a guest-controlled value. The FreeBSD security advisory confirms this as one of multiple bhyve issues and notes the impact: potential DoS of the bhyve host an...

CVE-2024-51564

The CVE-2024-51564 issue is in the bhyve hypervisor’s device models, specifically a guest-triggered infinite loop in the hda audio driver. The FreeBSD VuXML advisory and related reports flag this as part of a set of bhyve vulnerabilities (CVE-2024-51562..51566) that can allow a malicious guest to...

CVE-2024-51563 bhyve(8) virtio_vq_recordon time-of-check to time-of-use race

The virtiovqrecordon function is subject to a time-of-check to time-of-use TOCTOU race condition...

CVE-2024-51562 bhyve(8) nvme_opc_get_log_page buffer over-read

The NVMe driver function nvmeopcgetlogpage is vulnerable to a buffer over-read from a guest-controlled value...

CVE-2024-51562

Summary (CVE-2024-51562): The bhyve hypervisor/FreeBSD NVMe path is affected by a buffer over-read in the NVMe driver function nvme_opc_get_log_page, triggered by a guest-controlled value. This can enable a DoS against the bhyve host and potential memory access of bhyve-process memory by a malici...

CVE-2024-41721 bhyve(8) out-of-bounds read access via XHCI emulation

An insufficient boundary validation in the USB code could lead to an out-of-bounds read on the heap, which could potentially lead to an arbitrary write and remote code execution...

CVE-2024-41721 bhyve(8) out-of-bounds read access via XHCI emulation

An insufficient boundary validation in the USB code could lead to an out-of-bounds read on the heap, which could potentially lead to an arbitrary write and remote code execution...

CVE-2024-32668 bhyve(8) privileged guest escape via USB controller

An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller. A malicious, privileged software running in a guest VM can exploit the vulnerability to achieve code execution on the host in the bhyve userspace process, whic...

FreeBSD -- bhyve(8) privileged guest escape via USB controller

Problem Description: bhyve can be configured to emulate devices on a virtual USB controller XHCI, such as USB tablet devices. An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller. Impact: A malicious, privileged...

FreeBSD-SA-24:12.bhyve

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-24:12.bhyve Security Advisory The FreeBSD Project Topic: bhyve8 privileged guest escape via USB controller Category: core Module: bhyve Announced: 2024-09-04...

FreeBSD : FreeBSD -- Missing error handling in bhyve(8) device models (a6d5d4c1-0564-11ec-b69d-4062311215d5)

Certain VirtIO-based device models failed to handle errors when fetching I/O descriptors. Such errors could be triggered by a malicious guest. As a result, the device model code could be tricked into operating on uninitialized I/O vectors, leading to memory corruption. Impact : A malicious guest...

FreeBSD : FreeBSD -- bhyve(8) virtual machine escape (e722e3c6-bbee-11e6-b1cf-14dae9d210b8)

The bounds checking of accesses to guest memory greater than 4GB by device emulations is subject to integer overflow. Impact : For a bhyve virtual machine with more than 3GB of guest memory configured, a malicious guest could craft device descriptors that could give it access to the heap of the...