4 matches found

CVE
added 2024/11/12 3:6 p.m., 49 views

CVE-2024-45289

CVE-2024-45289 affects FreeBSD: the fetch(3) library uses environment variables to pass info, including the revocation file pathname, but the fetch(1) option name was incorrect and effectively ignored the option. As a result, FreeBSD could connect to a host presenting a certificate listed in the ...

CVSS 7.5 | AI score 7.5 | EPSS 0.00226
Exploits: 0 | References: 2

FreeBSD
added 2024/10/29 12:0 a.m., 10 views

FreeBSD -- Unbounded allocation in ctl(4) CAM Target Layer

Problem Description: The command ctl_persistent_reserve_out allows the caller to specify an arbitrary size which will be passed to the kernel's memory allocator. Impact: A malicious guest could cause a Denial of Service (DoS) on the host...

CVSS 5.3 | AI score 7.2 | EPSS 0.00135
Exploits: 0

Vulnrichment
added 2024/09/05 4:31 a.m., 12 views

CVE-2024-45063 Multiple issues in ctl(4) CAM Target Layer

The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process,...

AI score 8.1 | EPSS 0.0689
Exploits: 0 | References: 1

Vulnrichment
added 2024/09/05 4:31 a.m., 16 views

CVE-2024-43110 Multiple issues in ctl(4) CAM Target Layer

The ctl_request_sense function could expose up to three bytes of the kernel heap to userspace. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note th...

AI score 7.8 | EPSS 0.02671
Exploits: 0 | References: 1