Lucene search
+L

66 matches found

Cvelist
Cvelist
added 2024/09/05 4:54 a.m.46 views

CVE-2024-43102 umtx Kernel panic or Use-After-Free

Concurrent removals of certain anonymous shared memory mappings by using the UMTXSHMDESTROY sub-request of UMTXOPSHM can lead to decreasing the reference count of the object representing the mapping too many times, causing it to be freed too early. A malicious code exercizing the UMTXSHMDESTROY...

0.00681EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/05 4:42 a.m.16 views

CVE-2024-32668 bhyve(8) privileged guest escape via USB controller

An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller. A malicious, privileged software running in a guest VM can exploit the vulnerability to achieve code execution on the host in the bhyve userspace process, whic...

7.3AI score0.00213EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/05 4:42 a.m.25 views

CVE-2024-32668 bhyve(8) privileged guest escape via USB controller

An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller. A malicious, privileged software running in a guest VM can exploit the vulnerability to achieve code execution on the host in the bhyve userspace process, whic...

0.00213EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/05 4:31 a.m.14 views

CVE-2024-45063 Multiple issues in ctl(4) CAM Target Layer

The function ctlwritebuffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing. Malicious software running in a guest VM that exposes virtioscsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process,...

8.1AI score0.00521EPSS
Exploits0References1
CVE
CVE
added 2024/09/05 4:31 a.m.60 views

CVE-2024-45063

The CVE-2024-45063 issue affects FreeBSD ctl(4) CAM Target Layer. The root cause is that ctl_write_buffer incorrectly sets a flag, causing a kernel Use-After-Free when a command finishes processing. The advisory describes guest VMs exposing virtio_scsi accessing the kernel via bhyve, enabling cod...

9.8CVSS9.1AI score0.00521EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/09/05 4:31 a.m.32 views

CVE-2024-42416 Multiple issues in ctl(4) CAM Target Layer

The ctlreportsupportedopcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory. Malicious software running in a guest VM that exposes virtioscsi can exploit the vulnerabilities to achieve code execution on...

0.00395EPSS
Exploits0References1
CVE
CVE
added 2024/09/05 4:31 a.m.64 views

CVE-2024-42416

CVE-2024-42416 affects FreeBSD ctl(4) CAM Target Layer: ctl_report_supported_opcodes did not properly validate a field from userspace, enabling an arbitrary write into limited kernel help memory. Impact: guest VMs using virtio_scsi can abuse this to execute code on the host bhyve process (root), ...

8.8CVSS9.1AI score0.00395EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/09/05 4:31 a.m.18 views

CVE-2024-42416 Multiple issues in ctl(4) CAM Target Layer

The ctlreportsupportedopcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory. Malicious software running in a guest VM that exposes virtioscsi can exploit the vulnerabilities to achieve code execution on...

7.9AI score0.00395EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/05 4:31 a.m.14 views

CVE-2024-8178 Multiple issues in ctl(4) CAM Target Layer

The ctlwritebuffer and ctlreadbuffer functions allocated memory to be returned to userspace, without initializing it. Malicious software running in a guest VM that exposes virtioscsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which...

8.1AI score0.00601EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/05 4:31 a.m.27 views

CVE-2024-8178 Multiple issues in ctl(4) CAM Target Layer

The ctlwritebuffer and ctlreadbuffer functions allocated memory to be returned to userspace, without initializing it. Malicious software running in a guest VM that exposes virtioscsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which...

0.00601EPSS
Exploits0References1
CVE
CVE
added 2024/09/05 4:31 a.m.62 views

CVE-2024-8178

CVE-2024-8178 affects the FreeBSD ctl subsystem (ctl_write_buffer and ctl_read_buffer) where memory allocated for return to userspace was not initialized, enabling abuse via virtio_scsi in guest VMs. Exploitation could allow code execution on the host bhyve process (typically running as root), wi...

9.3CVSS9.2AI score0.00601EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/09/05 4:15 a.m.17 views

CVE-2024-41928

Malicious software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve...

8.4CVSS0.00244EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/09/05 3:32 a.m.25 views

CVE-2024-41928 bhyve(8) privileged guest escape via TPM device passthrough

Malicious software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve...

0.00244EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/05 3:32 a.m.10 views

CVE-2024-41928 bhyve(8) privileged guest escape via TPM device passthrough

Malicious software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve...

8.1AI score0.00244EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/09/04 12:0 a.m.5 views

PT-2024-5986

Name of the Vulnerable Software and Affected Versions: FreeBSD affected versions not specified NetApp ONTAP 9 formerly Clustered Data ONTAP PlayStation 5 versions prior to 7.61 Description: A use-after-free vulnerability exists in the umtx op system call within FreeBSD. This vulnerability arises...

10CVSS7.1AI score0.00681EPSS
Exploits0References58
Positive Technologies
Positive Technologies
added 2024/09/04 12:0 a.m.10 views

PT-2024-8610 · Bhyve +1 · Bhyve +1

Name of the Vulnerable Software and Affected Versions: bhyve affected versions not specified Description: The issue is related to the ctl report supported opcodes function, which did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel...

8.8CVSS7.8AI score0.00395EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2024/09/04 12:0 a.m.6 views

PT-2024-29640 · Bhyve +1 · Bhyve +1

Name of the Vulnerable Software and Affected Versions: bhyve affected versions not specified Description: Malicious software running in a guest VM can exploit a buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root. The bhyve process ru...

8.4CVSS8AI score0.00244EPSS
Exploits0References11
FreeBSD
FreeBSD
added 2024/09/04 12:0 a.m.34 views

FreeBSD -- umtx Kernel panic or Use-After-Free

Problem Description: Concurrent removals of such a mapping by using the UMTXSHMDESTROY sub-request of UMTXOPSHM can lead to decreasing the reference count of the object representing the mapping too many times, causing it to be freed too early. Impact: A malicious code exercizing the UMTXSHMDESTRO...

10CVSS7.4AI score0.00681EPSS
Exploits0
FreeBSD
FreeBSD
added 2024/09/04 12:0 a.m.17 views

FreeBSD -- bhyve(8) privileged guest escape via USB controller

Problem Description: bhyve can be configured to emulate devices on a virtual USB controller XHCI, such as USB tablet devices. An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller. Impact: A malicious, privileged...

8.2CVSS7.4AI score0.00213EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/08/27 12:0 a.m.12 views

PT-2024-8702 · Bhyve +1 · Bhyve +1

Name of the Vulnerable Software and Affected Versions: bhyve affected versions not specified Description: The issue is related to an insufficient boundary validation in the USB code, which could lead to an out-of-bounds write on the heap, with data controlled by the caller. A malicious, privilege...

8.2CVSS7.4AI score0.00213EPSS
Exploits0References15
Rows per page
Query Builder