2 matches found
CVE-2024-45063 Multiple issues in ctl(4) CAM Target Layer
The function ctlwritebuffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing. Malicious software running in a guest VM that exposes virtioscsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process,...
CVE-2024-45063
The CVE-2024-45063 issue affects FreeBSD ctl(4) CAM Target Layer. The root cause is that ctl_write_buffer incorrectly sets a flag, causing a kernel Use-After-Free when a command finishes processing. The advisory describes guest VMs exposing virtio_scsi accessing the kernel via bhyve, enabling cod...