CVE-2024-8178
The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which...
CVE-2024-42416
The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel heap memory. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on...
CVE-2024-45063
The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process,...
CVE-2024-45063
The CVE-2024-45063 issue affects FreeBSD ctl(4) CAM Target Layer. The root cause is that ctl_write_buffer incorrectly sets a flag, causing a kernel Use-After-Free when a command finishes processing. The advisory describes guest VMs exposing virtio_scsi accessing the kernel via bhyve, enabling cod...
CVE-2024-45063 Multiple issues in ctl(4) CAM Target Layer
The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process,...
CVE-2024-43110 Multiple issues in ctl(4) CAM Target Layer
The ctl_request_sense function could expose up to three bytes of the kernel heap to userspace. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note th...
CVE-2024-42416
CVE-2024-42416 affects FreeBSD ctl(4) CAM Target Layer: ctl_report_supported_opcodes did not properly validate a field from userspace, enabling an arbitrary write into limited kernel heap memory. Impact: guest VMs using virtio_scsi can abuse this to execute code on the host bhyve process (root), ...
CVE-2024-8178
CVE-2024-8178 affects the FreeBSD ctl subsystem (ctl_write_buffer and ctl_read_buffer) where memory allocated for return to userspace was not initialized, enabling abuse via virtio_scsi in guest VMs. Exploitation could allow code execution on the host bhyve process (typically running as root), wi...
FreeBSD -- Multiple issues in ctl(4) CAM Target Layer
Problem Description: Several vulnerabilities were found in the ctl subsystem. The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing (CVE-2024-45063). The ctl_write_buffer and ctl_read_buffer functions allocated memory to be...